AgentChat
Review
Audited by ClawScan on May 10, 2026.
Overview
AgentChat mostly matches its Nostr chat purpose, but it should be reviewed because it stores a Nostr private key locally in plain JSON and its npm install name is inconsistent.
Before installing, verify the exact npm package name and source. If you use it, create a dedicated Nostr key, protect or remove `~/.agent-chat/config.json` after use, verify recipient npubs/pubkeys, and do not let an agent send sensitive messages without explicit approval.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If another local process or user can read this config file, they may be able to impersonate the Nostr identity and decrypt or send messages as that key.
The code persists the Nostr private key/authentication secret in a plain JSON config file under the user's home directory. This is sensitive identity material and is not clearly declared by the registry credential/config metadata.
interface Config { npub: string; nsec: string; relays: string[]; } ... const CONFIG_PATH = join(homedir(), ".agent-chat", "config.json"); ... fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
Use a dedicated low-privilege Nostr key, document the config path, restrict file permissions, and prefer OS keychain or encrypted secret storage for the private key.
Following the install instructions could install unreviewed code from npm under a different package name.
The documented global install target does not match the included `package.json` name `@wangwuww/agent-chat`, creating a provenance gap where users may install a different npm package than the reviewed artifact.
npm install -g agent-chat
Verify the exact npm package name before installing, update the documentation to match the reviewed package, and install only from a trusted source.
Messages from other agents or public relay traffic could contain misleading instructions or sensitive content that should not be automatically trusted.
The skill uses public Nostr relays and prints decrypted incoming messages. This is expected for the stated messaging purpose, but incoming agent messages are an external trust boundary.
this.relays = relays.length > 0 ? relays : ["wss://relay.damus.io", "wss://nos.lol"]; ... console.log(`Content: ${msg.content}`);
Verify recipient/public keys, avoid sending sensitive data unless the key and relay model are acceptable, and treat received messages as untrusted input.
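The following is an added example, not AgentChat's own code, of what "treat received messages as untrusted input" and "verify recipient/public keys" can look like around the `console.log` quoted above. It strips terminal escape sequences and control characters before a relay message is printed (raw `console.log` of untrusted text lets a sender restyle, retitle or clear the operator's terminal), does a format check on recipient keys so an nsec or a truncated value is rejected before anything is sent, and decides trust from the sender's pubkey against an allowlist rather than from anything in the message body. The message shape `{ pubkey, content }`, the function names and the sample values are assumptions for this example; a real client should additionally decode npubs with a NIP-19 library and verify the bech32 checksum.

```javascript
// Added example (not AgentChat's own code): handling received Nostr messages
// and recipient keys as untrusted input before they reach the terminal or an agent.
// Assumed message shape: { pubkey: <sender hex pubkey>, content: <decrypted text> }.

// Removes ANSI CSI/OSC escape sequences and other control characters so a
// relay message cannot drive the terminal when printed. Only newline and tab
// are kept; carriage return is dropped because it can overwrite a line.
function sanitizeForTerminal(text, maxLen = 4000) {
  return String(text)
    .replace(/\x1b\[[0-?]*[ -\/]*[@-~]/g, "")          // CSI sequences (e.g. ESC[31m, ESC[2J)
    .replace(/\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)/g, "") // OSC sequences (e.g. window title)
    .replace(/[\x00-\x08\x0b-\x1f\x7f]/g, "")          // remaining C0 controls, lone ESC, DEL
    .slice(0, maxLen);
}

// Format check for a recipient key: 64 lowercase hex chars, or a NIP-19 npub
// (bech32: "npub1" plus 58 data/checksum chars from the bech32 alphabet).
// Returns "hex", "npub" or null. This does not verify the bech32 checksum.
function recipientKeyKind(key) {
  if (/^[0-9a-f]{64}$/.test(key)) return "hex";
  if (/^npub1[02-9ac-hj-np-z]{58}$/.test(key)) return "npub";
  return null;
}

// Wraps a decrypted incoming message for display. The sender's pubkey decides
// trust, never the message text: content is data, not instructions.
function prepareIncoming(msg, trustedSenders) {
  const sender = typeof msg.pubkey === "string" ? msg.pubkey : "";
  const trusted = recipientKeyKind(sender) === "hex" && trustedSenders.has(sender);
  return { sender, trusted, display: sanitizeForTerminal(msg.content) };
}

function demo() {
  // Constructed sample values; not real keys or relay traffic.
  const knownPeer = "ab".repeat(32);
  const trustedSenders = new Set([knownPeer]);
  const fromPeer = { pubkey: knownPeer, content: "status: build green" };
  const fromStranger = {
    pubkey: "cd".repeat(32),
    // Contains an OSC title change and a CSI clear-screen sequence.
    content: "\x1b]0;title\x07hello\x1b[2J from a stranger",
  };
  const results = [fromPeer, fromStranger].map((m) => prepareIncoming(m, trustedSenders));
  for (const r of results) {
    console.log(`[${r.trusted ? "trusted" : "UNTRUSTED"}] ${r.sender.slice(0, 8)}: ${r.display}`);
  }
  return results;
}

if (typeof require !== "undefined" && require.main === module) demo();
```

The allowlist is deliberately keyed on hex pubkeys as they arrive in events; an operator who pastes npubs should convert them once with a NIP-19 library rather than comparing mixed encodings at runtime. Anything an agent is allowed to act on should come from the `trusted` flag and the operator's approval, not from the `display` text.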
