Openclaw Nostr 2026.5.12 Beta.6.Tgz

Pass

Audited by VirusTotal on May 10, 2026.

Findings (1)

Package: @openclaw/nostr (npm)
Version: 2026.5.7
Description: OpenClaw Nostr channel plugin for NIP-04 encrypted DMs

This package is a professional, security-focused plugin implementing a Nostr channel for the OpenClaw ecosystem, specializing in NIP-04 encrypted direct messages (DMs) and NIP-01 profile management. The code utilizes standard Nostr cryptographic libraries (`nostr-tools`) for key management, event signing/verification, and NIP-04 encryption/decryption. Security measures are robust, including extensive input validation, rate limiting, circuit breakers for relay resilience, and pre-crypto policy enforcement (dmPolicy: pairing, allowlist, open) on inbound messages. The runtime environment includes mechanisms to securely handle private keys (relying on OpenClaw's secrets management, not logging them), prevent replay attacks using persistent state tracking and in-memory LRU caches, and mitigate SSRF vulnerabilities when handling profile picture/website URLs via strict `https:` enforcement and internal hostname blocking checks (`isBlockedHostnameOrIp`). Access to the profile management HTTP API (`/api/channels/nostr/account/profile`) is restricted by strong loopback guards and required gateway runtime scopes (`operator.admin`), preventing remote configuration tampering. All functionality aligns with the stated goal of providing a secure and durable decentralized messaging channel.