Nostr Social

Warn: Audited by ClawScan on May 10, 2026.

Overview

This skill matches its Nostr wallet/social purpose, but it gives the agent high-impact control over persistent keys, wallet funds, public posts, DMs, and zaps from broad home-directory credential paths.

Install only if you intentionally want your agent to have its own Nostr identity and wallet. Use an isolated account or dedicated wallet, back up the seed securely, keep balances small, verify which npub is being used, and require approval before any public post, DM, zap, or payment.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If these files already contain a real wallet or identity, the agent may derive or use that identity and wallet authority, including funds and public account actions.

Why it was flagged

The CLI reads a Cashu wallet mnemonic and Nostr secret-key files from global home-directory locations, including an alternate .clawstr key path that may already exist.

Skill content

const configPath = path.join(process.env.HOME, '.cocod', 'config.json'); ... return config.mnemonic; ... path.join(process.env.HOME, '.clawstr', 'secret.key')

Recommendation

Use a dedicated OS profile or isolated wallet/key directory, verify the npub before use, keep only limited funds in the wallet, and do not install if you are uncomfortable with agent access to these files.

What this means

An autonomous or mistaken agent action could publish content, send DMs, change social state, or spend available wallet balance.

Why it was flagged

The skill exposes public posting, DMs, delete events, zaps, and invoice payment commands. Setup consent is documented, but the ongoing high-impact actions are not bounded by explicit per-action approval or spending limits.

Skill content

- **Nostr posting** — Posts, DMs, zaps as the agent's identity ... node {SKILL_DIR}/scripts/nostr.js delete <note1...> ... npx cocod send bolt11 <invoice>

Recommendation

Require explicit user approval for each post, DM, zap, and payment; set low wallet balances; and review generated content before it is published.

What this means

Installing the skill pulls local dependencies that the agent will rely on for wallet and Nostr operations.

Why it was flagged

The skill installs Node dependencies from npm during setup. This is purpose-aligned and a package-lock file is provided, but users should still know that third-party package code is installed.

Skill content

cd "$SKILL_DIR/scripts"
npm install --quiet 2>/dev/null

Recommendation

Install only from a trusted source, review the package-lock if needed, and run setup in an isolated environment if you want stronger containment.

What this means

Posts and profile updates may be replicated across relays, and incoming messages or mentions should be treated as untrusted content.

Why it was flagged

The skill publishes Nostr events to multiple public relays and reads social data from the Nostr network, which is expected for this integration but involves untrusted peers and public propagation.

Skill content

const RELAYS = [ 'wss://relay.damus.io', 'wss://nos.lol', ... ]; ... await Promise.any(pool.publish(RELAYS, event));

Recommendation

Do not include secrets in posts or DMs, and review important actions that are triggered by Nostr messages.