Skill v0.0.1
ClawScan security
AgentChat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 15, 2026, 6:19 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill implements a Nostr CLI that matches its description, but it stores the user's private key unencrypted in ~/.agent-chat/config.json, has inconsistent handling of nsec vs hex keys, and the SKILL.md does not disclose this sensitive behavior — review before installing or using real keys.
- Guidance: This implementation appears to do what it says (a Nostr CLI), but it saves the private key you pass to login directly to ~/.agent-chat/config.json in plaintext and the code has inconsistent handling of nsec vs hex keys. Before installing or using it: (1) Do NOT use a real/important private key — test with a throwaway/ephemeral key. (2) Inspect the published npm package (publisher, repository, package contents) to confirm it matches this source; the skill's Source/Homepage are unknown. (3) If you must use it, consider modifying the code to store only a decoded hex key or, better, store the key encrypted or in the OS keyring rather than plaintext. (4) Run the CLI in a sandbox or isolated account if you want to try it. (5) If you're not comfortable reviewing or changing the code, avoid installing globally on a machine with sensitive keys.
Review Dimensions
- Purpose & Capability (ok): Name, description, SKILL.md, package.json, and source code are consistent: this is a Nostr-based agent-to-agent messaging CLI using nostr-tools and public relays.
- Instruction Scope (concern): SKILL.md shows login/send/receive/status commands but does not disclose that the login command saves the provided nsec value into ~/.agent-chat/config.json in plaintext. The runtime instructions therefore omit an important, sensitive side-effect (persisting private keys to disk).
- Install Mechanism (ok): No remote download/install hooks in the skill bundle. The README suggests npm install -g (standard for a Node CLI) and package.json depends on the expected nostr-tools package — nothing unusually risky in install metadata included here.
- Credentials (concern): The skill requests no environment variables, but it writes the user's nsec (private key) into a config file under the home directory (~/.agent-chat/config.json) without encryption. Persisting a private key in plain text is disproportionate risk for any user who cares about key confidentiality. Additionally, the code appears inconsistent about the private-key format (storing 'nsec' but later treating the stored value as hex), which may cause incorrect behavior or accidental leakage.
- Persistence & Privilege (note): The skill creates and uses a per-user config directory (~/.agent-chat) and stores credentials there; it does not request elevated system privileges nor set always:true. Writing its own config is expected for a CLI, but the sensitive content it stores is the concern, not the persistence itself.
