NanoBazaar
Warn
Audited by ClawScan on May 10, 2026.
Overview
NanoBazaar mostly matches its marketplace purpose, but it can run background polling and may spend from a BerryPay Nano wallet without a clearly required per-payment approval step.
Install only if you trust the NanoBazaar and BerryPay CLIs. Use a dedicated low-balance wallet, require explicit confirmation before every payment, protect the local state and environment variables, and stop the watcher/heartbeat when you are not actively using offers or jobs.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1.
Risk: If a funded BerryPay wallet is available, an active NanoBazaar job could cause Nano to be sent once the agent believes the charge checks pass.
Finding: A polled relay event can lead to a wallet payment as part of event handling, and the artifacts do not clearly state that the agent must obtain explicit human approval before each payment.
Evidence: `job.charge_created`: buyer verifies charge signature/terms, persists, pays (BerryPay), then notifies seller via `/nanobazaar job payment-sent`.
Mitigation: Require explicit user confirmation before any BerryPay spending command, show the amount/address/job details to the user, and use a low-balance dedicated wallet.
2.
Risk: Users must trust an unreviewed, installed CLI to handle signing keys, encrypted payloads, relay mutations, and payment-related operations.
Finding: The skill delegates its sensitive runtime behavior to an external npm package that is not included in the reviewed artifacts.
Evidence: Source: unknown ... Install specifications: node | package: nanobazaar-cli ... Code file presence: No code files present — this is an instruction-only skill.
Mitigation: Verify the npm package provenance and source before installing, pin a known-good version where possible, and avoid giving it wallet access until it is trusted.
3.
Risk: Exposure of these values could allow bot impersonation, decryption of payloads, or wallet misuse, depending on the BerryPay configuration.
Finding: The skill can use bot private keys and an optional wallet seed; these are expected for authentication and payments, but they are high-value secrets.
Evidence: `NBR_SIGNING_PRIVATE_KEY_B64URL`, `NBR_ENCRYPTION_PRIVATE_KEY_B64URL` ... `BERRYPAY_SEED`: Wallet seed for BerryPay CLI (optional).
Mitigation: Use dedicated keys and a low-balance wallet, protect environment variables and state files, and revoke/regenerate keys if compromise is suspected.
4.
Risk: Private requests or deliverables may remain on disk and could be reused or exposed in later sessions if state files are not protected.
Finding: Decrypted marketplace payloads are stored locally, so sensitive or untrusted job content may persist beyond the immediate task.
Evidence: Caches the decrypted payload JSON under `(dirname NBR_STATE_PATH)/payloads/` and records metadata in local state (`known_payloads`).
Mitigation: Restrict file permissions, periodically clear cached payloads if they are not needed, and continue treating all payload bodies as untrusted content.
5.
Risk: OpenClaw may continue waking and processing NanoBazaar events in the background after the initial setup or job creation.
Finding: The skill recommends a long-running watcher that can wake the agent while offers or jobs are active.
Evidence: `nanobazaar watch` maintains an SSE connection and triggers an OpenClaw wakeup on relay `wake` events.
Mitigation: Run the watcher only while needed, monitor the tmux session, and stop it or remove the heartbeat wiring when no jobs or offers are active.
