Skill v1.0.0
ClawScan security
nostr-dogechat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 5, 2026, 6:45 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (create a Nostr identity and publish geohash-tagged messages) but contains mismatches between docs and code, silently generates and stores a plaintext private key in the user's home directory, and omits install/runtime declarations — these inconsistencies merit caution.
- Guidance: This skill appears to implement a Nostr/DogeChat bridge but has several mismatches and privacy-relevant behavior you should understand before installing:
  - It will generate a private signing key and store it unencrypted at ~/.openclaw/nostr-dogechat/identity.json (rotated after 24h). If you don't want a plaintext secret stored on your machine, do not install/run it as-is. Consider moving storage to a secure keystore or encrypting the file.
  - SKILL.md says the geohash comes from USER_CONTEXT, but the code reads CLI args; the packaging is inconsistent and the repo omits an install step. Expect to install Node and the npm deps manually (and note package.json is missing 'minimist').
  - The skill will open outbound WebSocket connections to public relays (wss://relay.damus.io, wss://nos.lol, wss://relay.dogechat.org) and publish signed events under the generated identity. If you are concerned about network traffic or linking messages to a persistent identity, do not run it until you review/modify the code.
  - Recommendations: inspect and run the code in an isolated environment (or sandbox/VM), add encryption for the identity file or use a dedicated ephemeral identity, update package.json to declare all deps and provide an install step, and confirm you are comfortable with the relay endpoints before enabling autonomous agent invocation.
Review Dimensions
- Purpose & Capability
  - note: The code's behavior (generating a Nostr secret key, signing events, and publishing to listed relays) is coherent with a Nostr/DogeChat bridge. However, there are metadata mismatches: registry metadata claimed no required binaries, but _meta.json indicates node is required; SKILL.md refers to USER_CONTEXT for geohash while the implementation reads CLI args; package.json lists some deps that the code uses, but the code requires 'minimist', which is not in package.json. These disparities indicate sloppy packaging but are explainable by developer oversight.
- Instruction Scope
  - concern: SKILL.md instructs usage via a geohash from USER_CONTEXT and provides a CLI example, but does not disclose that the skill will create and persist a secret key file under ~/.openclaw/nostr-dogechat/identity.json. The code will generate a secret, store it in plaintext, rotate it on a 24h policy, and publish events to external WebSocket relays. The SKILL.md guardrails mention not sharing private keys but do not disclose local persistent storage or network relay publishing — this is scope creep from the user's perspective and should be called out.
- Install Mechanism
  - note: This is instruction-only (no platform install spec). A package.json is present (with nostr-tools, ngeohash, @noble/hashes) but no install instructions are provided; the runtime requires node and npm modules to be available, but the skill provides no mechanism to ensure they are installed. That mismatch may cause failures or surprises when running.
- Credentials
  - note: The skill declares no required env credentials, but the code reads HOME and optionally OPENCLAW_AGENT_NAME and writes a plaintext secret (nsec) to ~/.openclaw/nostr-dogechat/identity.json. Generating/storing a signing key is proportional to the purpose (a Nostr identity is needed), but the storage of an unencrypted private key in the user's home directory is a privacy/security concern that was not documented in SKILL.md or registry metadata.
- Persistence & Privilege
  - note: always:false (normal). The skill persists state by creating ~/.openclaw/nostr-dogechat/identity.json and rotating it after 24 hours, which is expected for an identity manager but does give the skill lasting local presence. It does not modify other skills or system-wide settings.
