ClawdZap
Security checks across malware telemetry and agentic risk
Overview
ClawdZap’s artifacts match its stated Nostr messaging purpose, but users should protect the generated key and treat relay messages as untrusted.
This skill appears coherent and purpose-aligned. Before installing, understand that npm dependencies will be installed, a local Nostr private key will be created in your home directory, public messages may be visible on relays, and received relay messages should not be treated as trusted instructions.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A message sent with this skill may be published to a Nostr relay under the generated ClawdZap identity.
The send command publishes whatever is passed on the command line (or a default ping) as a signed Nostr event. This is the core purpose of the skill, but it means messages should be explicitly approved before sending: once a public relay has accepted an event it cannot be reliably withdrawn, since deletion requests are advisory and relays are not obliged to honor them.
const messageContent = process.argv[2] || 'ClawdZap Ping! 🍄⚡'; ... conn.sendUTF(JSON.stringify(['EVENT', signedEvent]));
Only send content you intend to share, and confirm the recipient for direct messages before running send commands.
Anyone who obtains this key file could impersonate the ClawdZap identity and decrypt direct messages addressed to it.
The skill generates a persistent Nostr secret key, stores it as plaintext JSON in the home directory, and uses it to sign messages and decrypt DMs. This is expected for identity management, but the file is the whole identity: there is no passphrase or other protection in front of it, so whoever can read it holds the key.
const keyPath = path.join(process.env.HOME, '.clawdzap_keys.json'); ... fs.writeFileSync(keyPath, JSON.stringify({ sk: hexSk }));
Keep ~/.clawdzap_keys.json private and never share or commit it. The snippet passes no mode option to writeFileSync, so the file is created with the process umask applied to 0666 (commonly 0644, readable by every local user); restrict it to the owner (chmod 600) and consider encrypting the key at rest.
Installing the skill may retrieve dependency versions newer than the ones originally tested by the author.
The documented npm install fetches third-party packages using caret version ranges, so a fresh install may pull releases newer than the ones the author tested. This is normal for a Node messaging skill, but users should be aware of dependency provenance.
"dependencies": { "nostr-tools": "^2.1.0", "websocket": "^1.0.34" }
Caret ranges accept any later minor or patch release (2.x for nostr-tools, 1.x for websocket), so two installs can resolve to different code. Install from a trusted environment, commit a package-lock.json and install with npm ci, or pin exact versions if reproducibility is important; npm install --ignore-scripts additionally prevents dependency install hooks from running.
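A small pre-install check for the point above, added here and not part of ClawdZap: it reads a parsed package.json and package-lock.json, flags range specifiers, and reports declared dependencies that the lockfile does not cover with a registry URL and an integrity hash (which is what npm ci verifies). The sample package and lockfile are constructed for the example, and the integrity value is a placeholder rather than a real hash.

```javascript
// Added example (not part of ClawdZap): audit declared dependencies against
// the lockfile so that `npm ci` reinstalls exactly what was reviewed.

// Exact versions only: "2.1.0" and "2.1.0-beta.1" pass; "^2.1.0", "~2.1.0",
// "2.x" and "latest" do not.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// pkg: parsed package.json; lock: parsed package-lock.json (lockfileVersion 2
// or 3, whose "packages" map is keyed by "node_modules/<name>") or null.
function auditDependencies(pkg, lock) {
  const findings = [];
  const declared = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const [name, spec] of Object.entries(declared)) {
    if (!EXACT_VERSION.test(spec)) {
      findings.push({ name, level: 'warn', msg: `range "${spec}": a fresh install may resolve to a release newer than the one tested` });
    }
    const entry = lock && lock.packages ? lock.packages[`node_modules/${name}`] : undefined;
    if (!entry) {
      findings.push({ name, level: 'error', msg: lock ? 'missing from package-lock.json' : 'no package-lock.json; install is not reproducible' });
      continue;
    }
    if (!entry.resolved || !entry.integrity) {
      findings.push({ name, level: 'error', msg: 'lockfile entry has no resolved URL or integrity hash' });
    } else if (!entry.resolved.startsWith('https://registry.npmjs.org/')) {
      findings.push({ name, level: 'warn', msg: `resolved from a non-default registry: ${entry.resolved}` });
    }
  }
  return findings;
}

function formatFindings(findings) {
  return findings.map(f => `${f.level.toUpperCase()} ${f.name}: ${f.msg}`).join('\n');
}

// Constructed sample: the skill's declared dependencies, plus a lockfile that
// only covers nostr-tools. The integrity value is a placeholder, not a real hash.
const SAMPLE_PKG = { dependencies: { 'nostr-tools': '^2.1.0', websocket: '^1.0.34' } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/nostr-tools': {
      version: '2.1.0',
      resolved: 'https://registry.npmjs.org/nostr-tools/-/nostr-tools-2.1.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
  },
};

console.log(formatFindings(auditDependencies(SAMPLE_PKG, SAMPLE_LOCK)));
```

Run against a real checkout by replacing the constructed objects with JSON.parse of the two files. The check is deliberately narrow: it tells you whether the install is reproducible and pinned to a registry artifact with a hash, not whether that artifact is trustworthy, which still needs a look at the packages themselves.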
Public relay messages may contain untrusted content, and relay-based DMs still expose metadata such as sender, recipient tag, and timing.
The receiver listens to a public Nostr relay for messages tagged clawdzap and prints their contents. This is purpose-aligned, but received text can come from unknown senders.
const relayUrl = 'wss://relay.damus.io'; ... const filter = { kinds: [1], "#t": ["clawdzap"], limit: 10 }; ... console.log(`\n💬 [${e.pubkey.slice(0,6)}] ${e.content}`);
Treat received messages as untrusted input: the relay filter is advisory (a relay can return events that do not match it), the content is printed to the terminal unmodified, and a six-character pubkey prefix is far too short to identify a sender. Verify signatures and full sender keys for conversations that matter, and avoid sending highly sensitive data unless the relay and encryption tradeoffs are acceptable.
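An added example of the client-side handling that recommendation implies; this is illustrative code, not ClawdZap's. Each event from the relay is re-validated for shape, tag, kind and freshness, checked against a caller-supplied signature verifier (for a real client this would be verifyEvent from nostr-tools; the test below uses a stand-in), compared against an allowlist of full pubkeys, and its content is stripped of ANSI escape and control characters and folded onto one line before display, so a message cannot paint the terminal or forge a line that looks like it came from another sender. The policy object and sample event are assumptions constructed for the example.

```javascript
// Added example (not ClawdZap's code): treat relay events as untrusted data
// before anything is printed or acted on.

// Matches CSI escape sequences (ESC [ ... final byte) and C0/DEL control
// characters except tab; a bare ESC is caught by the control-character class.
const ANSI_OR_CONTROL = /\x1b\[[0-9;?]*[ -\/]*[@-~]|[\x00-\x08\x0b-\x1f\x7f]/g;

// One line per message: a newline in content could otherwise forge a second
// "[prefix] text" line attributed to a different sender.
function sanitizeForTerminal(text, maxLen = 500) {
  const oneLine = String(text).replace(ANSI_OR_CONTROL, '').replace(/\r?\n/g, '\\n');
  return oneLine.length > maxLen ? oneLine.slice(0, maxLen) + '...[truncated]' : oneLine;
}

// policy (assumed shape): {
//   verify: (event) => boolean,   // e.g. verifyEvent from nostr-tools
//   allowedPubkeys: Set<string>,  // full 64-hex pubkeys of known senders
//   maxAgeSec: number,            // reject events older or further ahead than this
//   now?: () => number            // unix seconds, injectable for testing
// }
function triageEvent(event, policy) {
  const now = policy.now ? policy.now() : Math.floor(Date.now() / 1000);
  // Cheap structural checks first; the relay's filter is not a guarantee.
  if (!event || typeof event !== 'object') return { accept: false, reason: 'not an object' };
  if (typeof event.pubkey !== 'string' || !/^[0-9a-f]{64}$/.test(event.pubkey)) return { accept: false, reason: 'malformed pubkey' };
  if (event.kind !== 1) return { accept: false, reason: 'wrong kind' };
  if (!Array.isArray(event.tags) || !event.tags.some(t => Array.isArray(t) && t[0] === 't' && t[1] === 'clawdzap')) {
    return { accept: false, reason: 'missing clawdzap tag' };
  }
  if (typeof event.content !== 'string') return { accept: false, reason: 'malformed content' };
  if (!Number.isInteger(event.created_at) || Math.abs(now - event.created_at) > policy.maxAgeSec) {
    return { accept: false, reason: 'stale or future-dated' };
  }
  // Signature check only after the cheap checks, so junk cannot burn CPU.
  if (!policy.verify(event)) return { accept: false, reason: 'bad signature' };
  const known = policy.allowedPubkeys.has(event.pubkey);
  // 16 hex chars (64 bits) rather than 6; the full key is still what was checked.
  const display = `[${known ? 'known' : 'UNKNOWN'} ${event.pubkey.slice(0, 16)}] ${sanitizeForTerminal(event.content)}`;
  return { accept: true, known, display };
}

// Constructed sample event: the content carries an ANSI colour escape and a
// newline followed by a fake "[bbbbbb]" line. The id and sig are placeholders.
const SAMPLE_EVENT = {
  id: 'c'.repeat(64),
  pubkey: 'a'.repeat(64),
  kind: 1,
  created_at: 1700000000,
  tags: [['t', 'clawdzap']],
  content: 'hello \x1b[31mred\x1b[0m\n[bbbbbb] forged line',
  sig: 'd'.repeat(128),
};
const SAMPLE_POLICY = {
  verify: () => true, // stand-in for a real signature check
  allowedPubkeys: new Set(['a'.repeat(64)]),
  maxAgeSec: 600,
  now: () => 1700000100,
};

console.log(triageEvent(SAMPLE_EVENT, SAMPLE_POLICY).display);
```

The result object separates "accepted as a well-formed, signed event" from "from a sender we know"; an agent consuming these messages should use the latter for any decision and should still treat the content as data rather than as instructions.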
