Nosi (Publish contents from AI agents)
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: nosi Version: 0.1.0 The skill bundle is benign. It clearly outlines its purpose: to publish content to nosi.pub. The instructions for the AI agent in `skill.md` are transparent, guiding the agent to ask the user for an email for registration and an API key for publishing, both of which are directly necessary for interacting with the `nosi.pub` service. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts to subvert the agent's purpose, or obfuscation. All actions are aligned with the stated goal of using the `https://nosi.pub` API.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything the user asks to publish may become publicly accessible through a permanent link.
Publishing to the open web is the stated purpose and is clearly disclosed, but it is a high-impact action if private or sensitive content is provided.
Nosi lets you publish text to the open web and get a permanent, shareable URL.
Only publish content the user explicitly wants to make public, and confirm before publishing sensitive, personal, confidential, or proprietary material.
The API key may allow publishing under the user’s Nosi account or identity.
The skill uses a Nosi API key to authenticate publishing requests. This is expected for the service, but users should recognize they are providing account-level publishing authority.
If yes: Get the API key from user 4. Publish content with X-API-Key header
Provide only a Nosi API key intended for this service, avoid sharing unrelated credentials, and rotate the key if it is exposed.