Back to skill

Security audit

Archon Nostr

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it handles wallet-derived private keys with under-scoped safety guidance and unpinned downloaded code.

Install only if you intentionally want your Archon DID and Nostr identity tied to the same key. Run it only on a trusted machine, avoid or audit the curl-to-shell and unpinned npm dependency paths, treat the nsec like full account ownership, avoid logging or sharing it, and review DID updates or relay publication carefully before running those commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill’s stated purpose is key derivation, but it also instructs the user to modify their DID document and publish profile data to public Nostr relays. Those extra actions expand scope from local identity derivation to irreversible external state changes, creating privacy, integrity, and unintended disclosure risks if users follow the workflow without realizing it.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Publishing to multiple Nostr relays is not necessary to derive a Nostr keypair from an Archon DID, so this introduces unrelated network activity beyond the claimed capability. Because relay publication is public and persistent, users may unintentionally disclose identity linkage and metadata across several third-party services.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script fetches and installs npm packages at runtime into /tmp before handling wallet-derived secrets, which introduces a supply-chain and network-dependency risk outside the stated purpose of simple key derivation. Because this skill accesses a mnemonic and derives a private key, any compromised dependency or install-time script could exfiltrate highly sensitive material or tamper with the output.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Runtime npm installation is unnecessary for a secret-handling derivation script and materially expands the attack surface with remote code execution opportunities from package resolution, lifecycle scripts, or dependency compromise. In this skill's context, the danger is elevated because the script first obtains a mnemonic and then derives a reusable private key from it.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the user to output and store an `nsec`, which is a private signing key, but does not prominently warn that exposure of this value enables full account takeover and impersonation. Even with `chmod 600`, writing the secret to disk increases the chance of leakage via shell history, backups, logs, malware, or accidental disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill requires `ARCHON_PASSPHRASE` to be present in the environment but provides no warning that environment variables can be exposed through process inspection, shell history, CI logs, crash reports, or inherited subprocesses. This can lead to compromise of the underlying wallet credentials used for key derivation.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script prints the derived nsec private key directly to stdout with no warning, confirmation, or secure-handling guidance. This can expose the credential to terminal history, logs, calling agents, CI systems, or other observers, and because the Nostr key is derived from the same underlying Archon wallet secret, compromise may affect identity linkage and account control beyond a single output.

External Script Fetching

Low
Category
Supply Chain
Content
- Archon wallet with existing DID
- `ARCHON_PASSPHRASE` environment variable set
- `nak` CLI: `curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh`

## Derive Keys
Confidence
98% confidence
Finding
curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.