ClawHub

Nostr Nak

v1.0.2

General purpose skill for using the Nostr Army Knife (nak) CLI tool with PTY support.

0· 1k·0 current·0 all-time
by@samthomson
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill is an instruction-only helper for the 'nak' (Nostr Army Knife) CLI: relay defaults, PTY wrapper, and flag usage match the stated purpose. Minor metadata oddities exist in manifest.json (homepage points to an unrelated repo and tags include 'iot'), and the manifest version (1.0.1) doesn't match the registry version (1.0.2), but these do not contradict the core purpose.
Instruction Scope
SKILL.md stays on-topic (how to wrap 'nak' with a PTY, relay defaults, how to pass identities). It does instruct using nsec (private) keys or hex private keys on the nak command line, which is functional but is a security risk because command-line arguments can be exposed via process listings or shell history. The instructions do not direct the agent to read unrelated files, environment variables, or contact endpoints outside the listed relays.
Install Mechanism
No install spec and no bundled code — instruction-only. This minimizes risk because nothing is written or executed by the skill itself.
Credentials
The skill requests no environment variables or credentials (proportional). However, it explicitly advises passing private keys on the command line for posting, which is sensitive. The skill itself does not request or store secrets but its recommended usage can expose them if the user follows the example literally.
Persistence & Privilege
always is false and there is no install, so the skill does not request elevated persistence or system-wide changes. The skill can be invoked by the agent (default), which is expected for user-invocable skills.
Assessment
This skill is an instruction-only helper for the 'nak' CLI and appears to do what it claims. Before installing/using: (1) ensure you trust the source — manifest metadata (homepage and tags) looks slightly off and the manifest version differs from the registry version; (2) make sure the 'nak' CLI is installed on your system — this skill only provides usage instructions; (3) avoid passing your nsec (private) key on the command line as shown in examples (command-line args can be seen by other processes and may be stored in shell history). Prefer using secure key storage (files with tight permissions, agent secret store, or prompting stdin), or other nak options that accept keys via files or stdin; (4) verify and be comfortable with the default relays the skill suggests; (5) if you need stronger assurance, run the agent/skill in a restricted environment or test with throwaway keys first.

Like a lobster shell, security has layers — review code before you run it.

latestvk975rt7dyy02j2tbc27h4cm2z980v6s1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments