ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AgentChat

v0.0.1

Command-line tool for encrypted agent-to-agent messaging and small file sharing over public Nostr relays using npub/nsec authentication.

0· 606·1 current·1 all-time
by@wangwu-30
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md, package.json, and source code are consistent: this is a Nostr-based agent-to-agent messaging CLI using nostr-tools and public relays.
!
Instruction Scope
SKILL.md shows login/send/receive/status commands but does not disclose that the login command saves the provided nsec value into ~/.agent-chat/config.json in plaintext. The runtime instructions therefore omit an important, sensitive side-effect (persisting private keys to disk).
Install Mechanism
No remote download/install hooks in the skill bundle. The README suggests npm install -g (standard for a Node CLI) and package.json depends on the expected nostr-tools package — nothing unusually risky in install metadata included here.
!
Credentials
The skill requests no environment variables, but it writes the user's nsec (private key) into a config file under the home directory (~/.agent-chat/config.json) without encryption. Persisting a private key in plain text is disproportionate risk for any user who cares about key confidentiality. Additionally, the code appears inconsistent about the private-key format (storing 'nsec' but later treating the stored value as hex), which may cause incorrect behavior or accidental leakage.
Persistence & Privilege
The skill creates and uses a per-user config directory (~/.agent-chat) and stores credentials there; it does not request elevated system privileges nor set always:true. Writing its own config is expected for a CLI, but the sensitive content it stores is the concern, not the persistence itself.
What to consider before installing
This implementation appears to do what it says (a Nostr CLI), but it saves the private key you pass to login directly to ~/.agent-chat/config.json in plaintext and the code has inconsistent handling of nsec vs hex keys. Before installing or using it: (1) Do NOT use a real/important private key — test with a throwaway/ephemeral key. (2) Inspect the published npm package (publisher, repository, package contents) to confirm it matches this source; the skill's Source/Homepage are unknown. (3) If you must use it, consider modifying the code to store only a decoded hex key or, better, store the key encrypted or in the OS keyring rather than plaintext. (4) Run the CLI in a sandbox or isolated account if you want to try it. (5) If you're not comfortable reviewing or changing the code, avoid installing globally on a machine with sensitive keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk971q1np8y359pa9katddwj7x9816b0h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments