Bundle Plugin
source linked
Nostr NIP-17 v0.1.1
OpenClaw Nostr DM channel plugin with NIP-04, NIP-17, and multi-account support
openclaw bundles install clawhub:nostr-nip17
Latest release: v0.1.1
Capabilities
- Bundle format: portable
- Host targets: gateway
- Runtime ID: nostr-nip17
Compatibility
- Built With Open Claw Version: 0.1.1
- Min Gateway Version: >=2026.4.12
- Plugin Api Range: >=2026.4.12
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
The package is a Nostr DM plugin (NIP-04 and NIP-17) and the code uses nostr-tools and noble hashes to implement encryption, relay subscriptions, sending and receiving DMs, profile import/publish, and multi-account support. Declared dependencies and included files align with the described purpose; nothing requested by the package is unrelated to operating a Nostr channel.
Instruction Scope
SKILL.md and code operate within the stated domain: reading plugin/channel config, subscribing to relays, decrypting/unwrapping DMs, sending DMs, and updating account profile data. The plugin registers an HTTP route (/api/channels/nostr/*) that can import profiles and save the profile into channels.nostr via runtime.config.writeConfigFile — this is within the plugin's stated feature set but is a privileged action (see persistence_privilege).
Install Mechanism
No remote download/extract install spec is present; package.json shows standard npm packaging with dependencies on nostr-tools and @noble/hashes, which are appropriate and expected. There are no suspicious external URLs or archive extracts in the manifest.
Credentials
The plugin requires access to Nostr private keys (examples use ${NOSTR_PRIVATE_KEY} and per-account variables like ${NOSTR_INK_PRIVATE_KEY}). openclaw.plugin.json declares nostr channelEnvVars: ["NOSTR_PRIVATE_KEY"], which is appropriate. However, SKILL.md examples show additional per-account env var names (e.g., NOSTR_INK_PRIVATE_KEY) that are not declared in plugin metadata — administrators should ensure they understand where account private keys will be supplied and stored. No unrelated secrets or external credentials are requested.
Persistence & Privilege
The plugin registers a gateway HTTP route with auth 'gateway' and gatewayRuntimeScopeSurface 'trusted-operator' and uses runtime.config.writeConfigFile to persist profile data into the host config (channels.nostr.profile). This elevated gateway scope is consistent with the plugin's profile-import/save feature but is a privileged capability — install only if you trust the plugin and operator environment.
Assessment
This plugin appears to do what it says: run a Nostr DM channel, handle NIP-04/NIP-17, and manage per-account profiles. Before installing: (1) Only supply private keys you intend the plugin to control (the plugin reads keys from channel/plugin config and examples use env vars like NOSTR_PRIVATE_KEY); (2) note the plugin registers a gateway HTTP route that can read relays and write the profile into your channels.nostr config — that requires trusted-operator privileges, so install only from a source you trust (verify the npm/ClawHub package and repository); (3) if you plan to use per-account env vars (e.g., NOSTR_INK_PRIVATE_KEY) be explicit about where you set them — they are not enumerated in the plugin metadata; (4) if you want extra assurance, review the included source files (particularly code that calls runtime.config.writeConfigFile and the HTTP handler) to confirm no unexpected config keys are being modified.
Verification
- Tier: source linked
- Scope: artifact only
- Summary: Validated package structure and linked the release to source metadata.
- Commit: e824a82e04ee
- Tag: e824a82e04eea27aa7a237b7feeeca9bead3e0d1
- Provenance: No
- Scan status: clean
Tags
- latest
- 0.1.1
Nostr NIP-17 for OpenClaw
OpenClaw channel plugin for Nostr direct messages with support for both legacy NIP-04 DMs and modern NIP-17 gift-wrapped DMs.
Features
- inbound and outbound NIP-04 direct messages
- inbound and outbound NIP-17 gift-wrapped direct messages
- multi-account support under plugins.entries.nostr-nip17.config.accounts
- standard OpenClaw pairing and DM policy integration
- plugin-owned relay subscriptions per configured account
Install
ClawHub
Install from ClawHub when published.
npm
npm install @openclaw/nostr-nip17
Minimum host version
- OpenClaw 2026.4.12 or newer
Config
Default account stays in channels.nostr.
Additional accounts live under the plugin entry.
{
  "channels": {
    "nostr": {
      "enabled": true,
      "name": "Cody",
      "privateKey": "${NOSTR_PRIVATE_KEY}",
      "relays": ["wss://relay.damus.io", "wss://nos.lol"],
      "dmPolicy": "allowlist",
      "allowFrom": ["npub1..."]
    }
  },
  "plugins": {
    "entries": {
      "nostr-nip17": {
        "enabled": true,
        "config": {
          "accounts": {
            "ink": {
              "enabled": true,
              "name": "Ink",
              "privateKey": "${NOSTR_INK_PRIVATE_KEY}",
              "relays": ["wss://relay.damus.io", "wss://nos.lol"],
              "dmPolicy": "allowlist",
              "allowFrom": ["npub1..."],
              "nip04Enabled": true,
              "nip17Enabled": true,
              "outboundMode": "nip17"
            }
          }
        }
      }
    }
  }
}
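The scan report above notes that per-account variables such as NOSTR_INK_PRIVATE_KEY are not declared in the plugin metadata. The following added example (not part of the plugin or of OpenClaw) walks the config layout shown above and reports where each account's private key comes from. The function names and finding labels are hypothetical, and it assumes a value of the form ${NAME} is an environment-variable reference.

```javascript
// Added example: audit where each Nostr account's private key comes from.
// Paths follow the config shown above; DECLARED mirrors the channelEnvVars
// value quoted in the scan report. Finding labels are hypothetical.
const DECLARED = ["NOSTR_PRIVATE_KEY"];
const ENV_REF = /^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$/;

// Collect the default account plus any accounts under the plugin entry.
function listAccounts(config) {
  const accounts = [];
  const def = config?.channels?.nostr;
  if (def) accounts.push({ id: "default", ...def });
  const extra = config?.plugins?.entries?.["nostr-nip17"]?.config?.accounts ?? {};
  for (const [id, acct] of Object.entries(extra)) accounts.push({ id, ...acct });
  return accounts;
}

function auditKeySources(config, env = {}, declared = DECLARED) {
  const findings = [];
  for (const acct of listAccounts(config)) {
    const key = acct.privateKey;
    if (typeof key !== "string" || key === "") {
      findings.push({ account: acct.id, issue: "missing-private-key" });
      continue;
    }
    const m = ENV_REF.exec(key);
    if (!m) {
      // A literal key is exposed to anything that can read the config file.
      findings.push({ account: acct.id, issue: "inline-private-key" });
      continue;
    }
    if (!declared.includes(m[1])) findings.push({ account: acct.id, issue: "undeclared-env-var", name: m[1] });
    if (!env[m[1]]) findings.push({ account: acct.id, issue: "env-var-not-set", name: m[1] });
  }
  return findings;
}

// Constructed sample input mirroring the config above (placeholder values).
const sample = {
  channels: { nostr: { enabled: true, privateKey: "${NOSTR_PRIVATE_KEY}" } },
  plugins: { entries: { "nostr-nip17": { config: { accounts: {
    ink: { enabled: true, privateKey: "${NOSTR_INK_PRIVATE_KEY}" },
  } } } } },
};
console.log(auditKeySources(sample, { NOSTR_PRIVATE_KEY: "placeholder" }));
```

In a real check, pass `process.env` as the second argument and the parsed host config as the first.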
Release notes
This package is intended to ship as a bundled channel entry using OpenClaw's plugin SDK imports only.
