Stegstr
Pass. Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent for steganographic PNG/Nostr workflows, but users should note the unpinned source build, the optional private-key use, and the handling of sensitive hidden payloads.
This skill appears suitable for its stated Stegstr PNG/Nostr use case. Before installing, make sure you trust the upstream GitHub project or pin a release, and be careful with any Nostr private key or hidden payload data you process.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the remote repository or dependencies change, the installed CLI may not exactly match what the user expected.
The optional installer fetches and builds code from a remote repository without pinning a commit, tag, or checksum. This is a normal installation pattern for a CLI skill, but it means the built code depends on the remote source at install time.
REPO_URL="${STEGSTR_REPO_URL:-https://github.com/brunkstr/Stegstr.git}" ... git clone "$REPO_URL" "$INSTALL_DIR" ... cargo build --release --bin stegstr-cli
Install only if you trust the upstream repository, and prefer pinning a known release or commit when using it in repeatable or sensitive environments.
A private key entered on a command line may be exposed through shell history, logs, or screen sharing, and misuse of the key could affect the user's Nostr identity.
The skill documents an optional command that accepts a Nostr private key to create a note bundle. This is aligned with the Nostr posting workflow, but the key represents account identity and signing authority.
stegstr-cli post "Message" --privkey-hex <64-char-hex> --output bundle.json
Use a test or dedicated key when possible, avoid exposing private keys in shared logs or command history, and only provide a key when signing is actually needed.
Hidden content could reveal sensitive information or contain text that attempts to influence the agent's next actions.
Decoded image contents may include private messages or arbitrary text/JSON. If an agent reads that output, it should treat it as data from the image, not as trusted instructions.
Stegstr hides Nostr messages and arbitrary payloads inside PNG images ... Users embed their feed (posts, DMs, JSON) into images ... Writes raw payload to stdout.
Review decoded payloads before sharing or reusing them, and instruct agents to treat extracted content as untrusted input unless the user explicitly says otherwise.
