Nostr

OpenClaw Nostr channel plugin for NIP-04 encrypted DMs

openclaw plugins install clawhub:@openclaw/nostr

{
  "builtWithOpenClawVersion": "2026.3.22",
  "minGatewayVersion": ">=2026.3.22",
  "pluginApiRange": ">=2026.3.22"
}

{
  "bundledSkills": [],
  "capabilityTags": [
    "executes-code",
    "channel:nostr",
    "setup"
  ],
  "channels": [
    "nostr"
  ],
  "commandNames": [],
  "configSchema": true,
  "configUiHints": false,
  "executesCode": true,
  "hooks": [],
  "httpRouteCount": 0,
  "materializesDependencies": false,
  "providers": [],
  "runtimeId": "nostr",
  "serviceNames": [],
  "setupEntry": true,
  "toolNames": []
}

{
  "hasProvenance": false,
  "scanStatus": "not-run",
  "scope": "artifact-only",
  "sourceCommit": "c4420c03243bd691dc809cd4298bd744cb58d286",
  "sourceRepo": "openclaw/openclaw",
  "sourceTag": "refs/heads/main",
  "summary": "Validated package structure and linked the release to source metadata.",
  "tier": "source-linked"
}

{
  "latest": "2026.3.22"
}

@openclaw/nostr

Nostr DM channel plugin for OpenClaw using NIP-04 encrypted direct messages.

Overview

This extension adds Nostr as a messaging channel to OpenClaw. It enables your bot to:

• Receive encrypted DMs from Nostr users
• Send encrypted responses back
• Work with any NIP-04 compatible Nostr client (Damus, Amethyst, etc.)

Installation

openclaw plugins install @openclaw/nostr

Quick Setup

1. Generate a Nostr keypair (if you don't have one):

   # Using nak CLI
   nak key generate
   
   # Or use any Nostr key generator
   

2. Add to your config:

   {
     "channels": {
       "nostr": {
         "privateKey": "${NOSTR_PRIVATE_KEY}",
         "relays": ["wss://relay.damus.io", "wss://nos.lol"]
       }
     }
   }
   

3. Set the environment variable:

   export NOSTR_PRIVATE_KEY="nsec1..."  # or hex format
   

4. Restart the gateway

Configuration

Access Control

DM Policies

• pairing (default): Unknown senders receive a pairing code to request access
• allowlist: Only pubkeys in allowFrom can message the bot
• open: Anyone can message the bot (use with caution)
• disabled: DMs are disabled

Policy enforcement happens before signature verification and NIP-04 decryption. Unknown senders in pairing mode can receive a pairing reply, but their original DM body is not processed unless approved.

Example: Allowlist Mode

{
  "channels": {
    "nostr": {
      "privateKey": "${NOSTR_PRIVATE_KEY}",
      "dmPolicy": "allowlist",
      "allowFrom": ["npub1abc...", "0123456789abcdef..."]
    }
  }
}

Testing

Local Relay (Recommended)

# Using strfry
docker run -p 7777:7777 ghcr.io/hoytech/strfry

# Configure openclaw to use local relay
"relays": ["ws://localhost:7777"]

Manual Test

1. Start the gateway with Nostr configured
2. Open Damus, Amethyst, or another Nostr client
3. Send a DM to your bot's npub
4. Verify the bot responds

Protocol Support

Security Notes

• Private keys are never logged
• Event signatures are verified before processing
• Sender policy is checked before expensive crypto work
• Inbound DMs are rate-limited and oversized payloads are dropped before decrypt
• Use environment variables for keys, never commit to config files
• Consider using allowlist mode in production

Troubleshooting

Bot not receiving messages

1. Verify private key is correctly configured
2. Check relay connectivity
3. Ensure enabled is not set to false
4. Check the bot's public key matches what you're sending to

Messages not being delivered

1. Check relay URLs are correct (must use wss://)
2. Verify relays are online and accepting connections
3. Check for rate limiting (reduce message frequency)

License

MIT