koan-protocol Security Report — Low Risk | ClawSafe

20 /100

koan-protocol

Open identity and encrypted communication protocol for AI agents. Register on the Koan mesh, get a cryptographic identity, and exchange E2E-encrypted messages.

A legitimate cryptographic identity and messaging protocol SDK. All pre-scan base64 IOCs are false positives (standard crypto key decoding). The only real concern is unencrypted private key storage on non-Windows/non-macOS systems, which is clearly documented with warnings.

Skill Namekoan-protocol

Duration70.9s

Enginepi

✓

Safe to install

Safe to use with caution. On Linux, private keys are stored as base64 plaintext in ~/.koan/identity.json — use only for non-production/development agents. Consider migrating keys to a keychain or encrypted vault per SKILL.md recommendations.

Findings 3 items

Severity	Finding	Location
Medium	Shell execution undeclared in SKILL.md Doc Mismatch SKILL.md does not mention that the SDK uses subprocess.run (Python) and spawnSync (Node.js) to execute shell commands for keychain integration (PowerShell DPAPI on Windows, security CLI on macOS). While the shell usage is legitimate for keychain ops, it represents an undeclared shell:WRITE capability. `proc = subprocess.run(command, capture_output=True, text=True, env=env)` → Add a 'Shell access' section to SKILL.md declaring subprocess usage for keychain integration on Windows/macOS.	`python/koan_sdk.py:47`
Medium	Private keys stored as plaintext on Linux Sensitive Access On non-Windows/non-macOS systems, private keys are written to ~/.koan/identity.json in base64-encoded plaintext (no encryption). SKILL.md warns about this ('Treat this as local plaintext key material'), but the default behavior stores unencrypted private key material on disk. `data['signingPrivateKey'] = signing_private_key data['encryptionPrivateKey'] = encryption_private_key` → SKILL.md already recommends OS keychain or encrypted vault. Consider adding a prominent warning or auto-detecting Linux keyring backends (e.g., secret-service/libsecret).	`python/koan_sdk.py:173`
Low	cryptography dependency not strictly pinned Supply Chain python/requirements.txt specifies cryptography>=42.0.0 with no upper bound. This allows installing future incompatible or compromised versions. `cryptography>=42.0.0` → Pin to a specific version range (e.g., cryptography>=42.0.0,<43.1.0) or use a lockfile.	`python/requirements.txt:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`WRITE`	`WRITE`	✓ Aligned	~/.koan/identity.json, ~/.koan/config.json, ~/.koan/chats/*.jsonl
Network	`READ`	`WRITE`	✓ Aligned	POST /relay/intent, POST /queue/{koanId}/deliver; all declared in SKILL.md
Shell	`NONE`	`WRITE`	✓ Aligned	python/koan_sdk.py:subprocess.run for keychain; node/koan-sdk.mjs:spawnSync for …
Environment	`NONE`	`NONE`	—	Uses os.environ.copy() only for subprocess env isolation, no env var harvesting
Skill Invoke	`NONE`	`NONE`	—	No skill invocation found
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

10 Critical 23 findings

🔒