Dagny Nostr (nak)
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked carelessly, the agent could publish public signed posts or replies from the user's Nostr identity.
This command signs and publishes a Nostr event to a relay. The artifact documents posting/reply workflows but does not state that the agent must get explicit user approval immediately before publishing.
nak event -k 1 --sec $NOSTR_SECRET_KEY -c "<content>" wss://relay.primal.net
Require an explicit user confirmation step before any `nak event` publish command, show the final content, relay, tags, and account key being used, and avoid autonomous posting.
The Nostr secret key is highly sensitive; anyone or any process with it can sign events as the user.
The skill needs the user's Nostr secret key, which is expected for publishing but grants signing authority for that identity. The registry metadata lists no required env vars or primary credential.
Requires access to NOSTR_SECRET_KEY (nsec) for signing/publishing.
Use a dedicated or low-risk Nostr key if possible, keep the secret out of chat, store it with restricted permissions, and ensure the skill metadata declares the credential requirement.
A future change to the remote install script would affect what gets installed.
The install instructions use an unpinned remote shell script from the master branch. This is disclosed and user-directed, but it means the installed code can change over time.
curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh
Review the script before running it, prefer pinned releases or package-manager installs where available, and avoid piping remote scripts directly to a shell.
