nse-orchestrator
Review
Audited by ClawScan on May 10, 2026.
Overview
No malware or exfiltration is visible in the provided artifacts, but the skill deserves review because it can be wired to identity keys, wallet payments, persistent memory, and broad action routing through an external package.
Install only if you trust the external nse-orchestrator package and understand the enabled pillars. Start with test identities and limited wallets, require manual confirmation for money or public/account-changing actions, and verify memory storage, deletion, and redaction behavior before using it with sensitive data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If configured broadly, the skill could influence or mediate many agent actions across accounts, memory, calendar, social, and wallet contexts.
This is very broad action-routing authority. The visible artifacts do not define concrete approval gates, limits, or rollback behavior for high-impact actions.
Every action you take passes through NSE. Every LLM response gets scored. ... Every action, response, and interaction flows through a central nerve center
Use explicit confirmation policies for payments, public posts/profile updates, calendar changes, and memory writes; avoid enabling all pillars until their behavior is reviewed.
If the passphrase is provided to untrusted or misconfigured code, the agent’s Nostr identity could be used to sign, decrypt, or act as that identity.
Decrypting an agent identity file is privileged credential access. The artifacts do not specify the identity-file path, credential lifetime, allowed signing/decryption operations, or output boundaries.
"NOSTRKEY_PASSPHRASE": {
  "description": "Passphrase to decrypt the agent's identity file (needed if Identity pillar is active)",
  "required": false,
  "sensitive": true
}
Only provide this passphrase to a package and environment you trust; consider a separate low-risk identity for testing and verify how the installed package handles the passphrase.
A mistaken or overbroad configuration could allow payment-related actions to affect real funds.
Wallet access is disclosed and purpose-aligned, but moving real value is high impact and the supplied artifacts do not show payment limits or required human confirmation.
Lightning payments via NIP-47. This gives you the ability to send and receive sats — real value transfer
Use a limited wallet connection, set spending caps where possible, and require explicit user confirmation before any payment or wallet mutation.
Sensitive facts, journal entries, or poisoned context could persist and be reused later if the memory pillar is enabled.
Persistent memory is part of the intended design and is described as encrypted, but it can retain sensitive context across sessions and remote relays.
sense-memory gives you encrypted persistent storage on Nostr relays — key-value facts and a private journal
Understand what is stored, how to delete or rotate it, and avoid saving secrets or untrusted instructions as long-term memory.
The real behavior depends on the package downloaded during installation, not just the reviewed instruction files.
The skill installs an external package, while the supplied manifest says no code files are present for static review. This is expected for a package-based skill but limits verification of runtime behavior.
uv | package: nse-orchestrator
Verify the package provenance, repository, version, and source before installing, especially before connecting identity keys or wallet access.
Users might over-trust the redaction claim and route sensitive information through the skill without verifying how redaction works.
The skill makes a privacy/safety claim about automatic redaction, but no implementation code is included in the provided artifacts to substantiate it.
Signal routing — Every action, response, and interaction flows through a central nerve center with automatic redaction of sensitive data.
Do not rely on automatic redaction until you have reviewed or tested the installed package’s actual redaction behavior.
