Nostr Social
Security checks across malware telemetry and agentic risk
Overview
The skill is transparent about creating a Nostr identity and wallet, but it reads and writes key and wallet files at global locations under HOME, so it could affect existing accounts or funds.
Use this only with a separate agent account or clean HOME directory, back up the mnemonic securely, fund the wallet minimally, and require approval before any public post, DM, follow/delete, zap, or invoice payment.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you already have Nostr or cocod data in those HOME locations, the agent may post, DM, follow, or spend wallet funds under that existing identity or wallet.
The code reads Nostr private keys and the Cashu wallet mnemonic from global HOME directories, so it can use existing local identity or wallet material rather than a clearly isolated agent-only credential store.
const NOSTR_DIR = path.join(process.env.HOME, '.nostr');
...
path.join(process.env.HOME, '.clawstr', 'secret.key');
...
const configPath = path.join(process.env.HOME, '.cocod', 'config.json');
...
return config.mnemonic;
Install only in an isolated agent account or clean HOME directory, or change the skill to use a dedicated per-skill credential path and require explicit confirmation before importing any existing key or wallet.
Agent mistakes or prompt-driven actions could publish posts, delete/request deletion of notes, send DMs, change follows, or spend funded wallet balance.
The skill intentionally exposes commands that mutate public social state and can pay Lightning invoices. These powers are purpose-aligned, but they are high-impact.
node {SKILL_DIR}/scripts/nostr.js delete <note1...>
node {SKILL_DIR}/scripts/nostr.js zap <npub> 100 "comment"
npx cocod send bolt11 <invoice> # Pay invoice
Require explicit user approval for posts, DMs, deletes, follows, zaps, and invoice payments; fund the wallet only with small amounts you are willing to risk.
Compromised or unexpected npm dependencies could affect the local wallet/identity setup.
The install script pulls npm dependencies and suppresses stderr output. This is normal for a Node skill, and a lockfile is present, but the dependency chain warrants scrutiny because it handles wallet and identity operations.
npm install --quiet 2>/dev/null
Review the package lock, prefer local locked binaries over bare npx calls, and install in a sandboxed environment before funding the wallet.
