Nostr NIP-17

Code, config, and runtime instructions are consistent with a Nostr DM channel plugin; it needs access to Nostr private keys and registers a gateway HTTP handler to manage profiles, which is expected for this functionality.

This plugin appears to do what it says: run a Nostr DM channel, handle NIP-04/NIP-17, and manage per-account profiles. Before installing: (1) Only supply private keys you intend the plugin to control (the plugin reads keys from channel/plugin config and examples use env vars like NOSTR_PRIVATE_KEY); (2) note the plugin registers a gateway HTTP route that can read relays and write the profile into your channels.nostr config — that requires trusted-operator privileges, so install only from a source you trust (verify the npm/ClawHub package and repository); (3) if you plan to use per-account env vars (e.g., NOSTR_INK_PRIVATE_KEY) be explicit about where you set them — they are not enumerated in the plugin metadata; (4) if you want extra assurance, review the included source files (particularly code that calls runtime.config.writeConfigFile and the HTTP handler) to confirm no unexpected config keys are being modified.