Nostr Army Knife (nak)
Pass. Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent with the nak CLI, but using it with a Nostr secret key can publish public content, spend wallet funds, upload files, or expose an MCP server if you choose those commands.
Before installing or using this skill, make sure you trust the nak CLI on your system. Do not provide your main Nostr secret key unless you intend the agent to sign or act as you. Review every public post, file upload, wallet payment, relay, server URL, and MCP connection before running commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with your key, the agent could make public posts, upload selected files, or initiate wallet payments when asked to run these commands.
The skill documents CLI commands that can publish public content, pay a Lightning invoice, and upload a local file. These are purpose-aligned for nak, but they are state-changing actions.
nak event -c "Hello Nostr" ...; nak wallet pay --sec <nsec> lnbc1...; nak blossom upload --server https://cdn.example.com --sec <nsec> ./image.png
Treat publish, upload, and wallet commands as approval-required actions; verify the relay/server, file path, invoice, and content before execution.
A secret key can let commands sign as you on Nostr and may authorize wallet operations tied to that key.
The skill expects access to a Nostr secret key for signing and related wallet actions. That is central to the purpose, but it grants authority over the user's Nostr identity and is not declared in the metadata credential fields.
`NOSTR_SECRET_KEY`: Set this to avoid passing `--sec` every time.
Use a dedicated or limited key where possible, avoid exposing long-lived secret keys broadly in the environment, and only provide keys for commands you explicitly approve.
Security depends on the nak binary already present on the system or installed separately by the user.
The skill relies on an external CLI, but the provided artifacts include no install spec or reviewed binary source. The registry metadata also lists no required binaries.
compatibility: Requires `nak` CLI (v0.15.3+ recommended).
Install nak only from a trusted source, verify the version, and be cautious if a local nak binary comes from an unknown path or package.
If MCP mode is enabled, another MCP client or agent may be able to access nak capabilities depending on how it is connected and configured.
The optional MCP mode exposes nak as a tool source for agent integration, but the artifact does not describe identity, access control, or data boundaries for that server.
`nak` has an `mcp` command that starts a Model Context Protocol server. ... nak mcp
Only run MCP mode for trusted local clients, avoid loading broad secret-key environment variables into that session, and stop the server when it is no longer needed.
