Skill v0.0.5

ClawScan security

Agent Chat Nostr · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 4, 2026, 11:44 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it claims (a Nostr CLI) but the package metadata and documentation omit that it stores your private key unencrypted on disk and the README claims file-sharing support that the CLI does not expose — these inconsistencies merit caution before installation.
Guidance
Before installing: understand this CLI will ask you to provide your private key (nsec) and will save it unencrypted at ~/.agent-chat/config.json. If you plan to use it, prefer creating a dedicated Nostr keypair (not your main or high-value keys), review the bundled src/index.ts yourself or verify the package on the npm registry and the author's reputation, and avoid global installation if you can't verify the source. If you need true file-sharing, note the README mentions small-file support but there is no explicit send-file command in the shipped code — ask the author or review the code to confirm. Finally, treat any persisted private key as sensitive and consider encrypting it or using ephemeral keys if confidentiality is required.

Review Dimensions

Purpose & Capability
Concern: Name/description match the code: it is a Nostr-based CLI that logs in with an nsec, sends/receives encrypted DMs, and listens on public relays. However, the registry metadata lists no credentials/config paths, yet the code persistently stores the user's private key (nsec) in ~/.agent-chat/config.json. The SKILL.md claims small-file support but the CLI commands in src/index.ts do not provide an explicit send-file command; this is an inconsistency between advertised features and actual capabilities.
Instruction Scope
Concern: SKILL.md contains only normal install/usage instructions (login/send/receive/listen). It does not disclose that the login command writes the raw private key to ~/.agent-chat/config.json. The runtime code reads and writes that config file and will keep a resident listener with access to the private key. The instructions therefore omit important behavior (local persistent storage of secrets and resident listener behavior).
Install Mechanism
Note: There is no install spec in the skill bundle (it's instruction + code). SKILL.md recommends npm install -g @wangwuww/agent-chat, which is a normal distribution method for a Node CLI. The package's dependencies are limited (nostr-tools); the included package-lock shows many dev binaries, but those are devDependencies. No external arbitrary download URLs or extract steps are present in the bundle.
Credentials
Concern: The registry metadata declares no required credentials or config paths, but the code requires and stores a private key (nsec) and a config file under the user's home directory. Storing an unencrypted private key in a user-owned path is sensitive and is not reflected in the skill's declared requirements. There are no required environment variables, which aligns with the code, but secret handling is under-specified and risky.
Persistence & Privilege
OK: The skill does not request always:true and does not modify other skills or system-wide agent settings. It does create a per-user config directory (~/.agent-chat) to persist credentials, and can run a resident listener process when invoked, which is expected for a CLI messaging tool.