AgentChat

Security checks across malware telemetry and agentic risk

Overview

AgentChat appears purpose-built for Nostr messaging, but it needs review because it handles a private identity key in unsafe and under-disclosed ways.

Review before installing. Verify the exact npm package name and source, use a dedicated low-value Nostr key, avoid entering private keys in shared terminals, protect or delete `~/.agent-chat/config.json` after use, and do not send highly sensitive content unless you accept the public-relay privacy model.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (Severity: High, Confidence: 98%)

Finding: The documentation tells users to pass an `nsec` private key directly as a command-line argument, which is commonly exposed through shell history, process listings, logging, terminal scrollback, and monitoring tools. Because this is a Nostr private key used for identity and encrypted messaging, exposure can let an attacker impersonate the user, decrypt future messages available to that key context, and send malicious messages as that identity.

Missing User Warnings (Severity: Medium, Confidence: 88%)

Finding: The skill advertises encrypted DMs and file support over public Nostr relays but does not warn users that metadata, relay exposure, timing, recipient relationships, and uploaded content handling may still have privacy implications. In this context, users may incorrectly assume the system is private by default, causing them to send sensitive messages or files over infrastructure that is public and potentially monitored or retained.

Missing User Warnings (Severity: Medium, Confidence: 97%)

Finding: The login flow persists the user's Nostr private key (`nsec`) to `~/.agent-chat/config.json` in plaintext, with no permission hardening, encryption, or explicit warning to the user. If the local machine is compromised, shared, backed up insecurely, or readable by other users/processes, the attacker can recover the private key and fully impersonate the user, decrypt direct messages, and send signed events as them.

VirusTotal

64/64 vendors flagged this skill as clean.
