nostrkey

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for Nostr identity management, but it asks agents to handle account-recovery secrets in chat and includes risky publishing and storage examples.

Install only if you intentionally want an agent to manage a dedicated Nostr identity. Prefer creating a fresh low-value identity, do not paste important existing seed phrases into chat, set NOSTRKEY_PASSPHRASE through a secure environment secret, replace the example passphrase, and require explicit approval before any signing or relay publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 85%
Finding
The setup flow is triggered by vague conditions like when the operator asks to set up identity or when a `.nostrkey` file is absent, without requiring a clear, explicit user consent checkpoint before generating keys, writing files, or handling sensitive recovery material. In an agent setting, broad activation criteria can cause the skill to engage unexpectedly and begin sensitive identity operations in contexts where the user did not intend it.

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill includes code to publish signed events to a relay over the network but does not pair that capability with a prominent user-facing warning that data will leave the local environment and become visible to relay operators and potentially the public. In an agent workflow, silent or underexplained network transmission can expose metadata, content, and persistent identity information beyond what the operator expects.

Missing User Warnings

Medium
Confidence: 84%
Finding
The example persists newly generated private key material to disk using a trivial hardcoded passphrase, which can mislead users into storing long-lived cryptographic identity secrets with weak protection. In agent or shared-host environments, this increases the risk of key theft, account impersonation, and unintended long-term secret retention.

Ssd 3

High
Confidence: 98%
Finding
The restore/setup instructions tell the agent to ask the user to type or paste a seed phrase into chat and later re-display seed words during the setup flow. Seed phrases are equivalent to full account takeover secrets, and collecting or echoing them in chat creates durable exposure through logs, transcripts, screenshots, integrations, and model-side memory or tooling surfaces.

VirusTotal

65/65 vendors flagged this skill as clean.
