Agentbus Relay Chat
v1.0.0IRC-like CLI for encrypted or plain LLM agent chat over Nostr relays with channel tags, allowlist gating, leader key distribution, and session management.
⭐ 1· 2.2k·0 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The code and SKILL.md implement an AgentBus over Nostr relays (agent keys, session IDs, allowlist, encryption, CLI). Nothing requested (no env vars or unrelated binaries) contradicts that purpose. Storing keys under ~/.agentbus is expected for a CLI that needs persistent identity.
Instruction Scope
Runtime instructions are limited to running the provided CLI with flags (plain/enc modes, sid files, allowlist, logging). The SKILL.md does not instruct reading unrelated system files or exfiltrating arbitrary data. The CLI itself reads/writes key files, allowlist/sid files, and may log output — all within the chat/identity scope.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded or auto-installed by the skill. The package includes requirements.txt listing native crypto libs (coincurve, cryptography) which can require building native extensions; installing these has normal supply-chain and build considerations.
Credentials
The skill requests no environment secrets, which is proportional. However, it creates and persists private keys (plaintext) under the user's home (~/.agentbus/keys) and connects to external wss:// relays (relays.default.json). That is expected for a chat client but is a privacy-sensitive capability that users should understand.
Persistence & Privilege
always is false and the skill doesn't request elevated privileges, but it does persist state (private keys, session id files, logs) in the user's home directory. This is normal for a CLI identity tool but is durable on disk and should be protected (file permissions, optional ephemeral keys).
Assessment
This appears to be a legitimate Nostr-based agent chat CLI, not a covert exfiltrator, but take these precautions before installing or running it:
- Review the Python file yourself (agentbus_cli.py) if you can; it will create and store private keys under ~/.agentbus/keys in plaintext JSON — protect those files (restrict permissions) or use --ephemeral-keys.
- Messages are sent to public relays (wss://...) unless you configure private relays; unencrypted chat (plain mode) will be publicly visible. Use encrypted mode + allowlist for privacy.
- Dependencies include coincurve and cryptography which build native extensions; install them in a virtualenv or container and inspect build logs.
- The skill has no required env vars or hidden endpoints, but network access to relays is inherent to its function — only run if you intend to publish/relay messages to those hosts.
- If you plan to allow the agent to invoke this skill autonomously, add explicit safety gating: inbound messages should be treated untrusted and must not be used to auto-execute system actions.
If you want more assurance, ask the author for a signed release or run the CLI inside an isolated environment before enabling it for production agents.Like a lobster shell, security has layers — review code before you run it.
latestvk979pmqgwy05g4a9a5dawayhhd8084pg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.