← Back to Skills Marketplace

nostrsocial

Name: nostrsocial
Author: vveerrgg

by vveerrgg · GitHub ↗ · v0.1.3 · MIT-0

cross-platform ✓ Security Clean

246

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install nostrsocial

Description

Social awareness for AI entities — contacts, trust tiers, and identity verification over Nostr

Usage Guidance

This skill appears to do what it claims, but take these precautions before installing: - Verify the package source: confirm the nostrsocial pip package matches the referenced GitHub repo (review the repository and recent releases) and that the package on PyPI (or your install source) is the legitimate project. - Resolve the install-method inconsistency: SKILL.md mentions an 'uv' install kind while metadata.json and the README show pip; prefer installing via pip only after verifying the package origin. - Never export or print private keys in production: the example calls export_secret() and prints it — treat that as a one-time secure backup flow only (copy into secure vault, do not stdout/log). Prefer using the NostrKey skill and encrypted storage rather than environment-binding NOSTR_NSEC. - Review network behavior in the package source: the skill will interact with Nostr relays (NOSTR_RELAY). Inspect the code for any unexpected network endpoints or telemetry before granting access. - Principle of least privilege: Keep NOSTR_NSEC and NOSTRKEY_PASSPHRASE protected (do not hardcode). If possible, use a secure secret manager and the suggested NostrKey skill for key handling. If you want higher confidence, request the package's PyPI URL and a link to the repository commit/tarball used for this release so you (or a reviewer) can inspect the published package contents and network calls.

Capability Analysis

Type: OpenClaw Skill Name: nostrsocial Version: 0.1.3 The nostrsocial skill provides a framework for AI agents to manage social relationships and trust tiers using the Nostr protocol. It implements contact management, identity verification, and behavioral rules (e.g., token budgets and warmth) based on relationship depth. While it handles sensitive cryptographic keys (NOSTR_NSEC), the documentation in SKILL.md and metadata.json includes explicit warnings against exposure and follows a logical, documented purpose without evidence of malicious intent, exfiltration, or unauthorized execution.

Capability Assessment

✓ Purpose & Capability

Name/description (Nostr social identity, contacts, trust tiers) align with declared dependencies (nostrkey) and optional environment variables (NOSTR_NSEC, NOSTR_RELAY, NOSTRKEY_PASSPHRASE). The examples and API surface in SKILL.md match the stated purpose.

ℹ Instruction Scope

Runtime instructions and examples stay within the skill's domain (creating an enclave, persisting relationship state, verifying identities). However, an example explicitly exports and prints a device secret (enclave.export_secret() followed by print), which is risky practice even though the docs warn to back it up securely; that example should not be used in production. File storage is limited to a user-level path (~/.entity/social.json) and the skill does not instruct reading unrelated system files or unrelated credentials.

ℹ Install Mechanism

Install is via a pip package (metadata.json and SKILL.md say pip install nostrsocial), but the SKILL.md's top-matter uses an 'uv' install kind (uv package: nostrsocial). This inconsistency is notable: 'uv' is uncommon compared to pip and should be verified. No downloads from arbitrary URLs or archives are present in the bundle; dependency on nostrkey is coherent.

✓ Credentials

Requested environment variables are appropriate and optional for a Nostr identity/relay client. Sensitive vars (NOSTR_NSEC, NOSTRKEY_PASSPHRASE) are declared and documented as sensitive. The skill does not request unrelated credentials or high-privilege system tokens.

✓ Persistence & Privilege

The skill does not request always:true or other elevated platform privileges. It persists data to a local user-specified file and recommends backing up a device secret; this is expected for an identity/contacts tool. Autonomous invocation is allowed (platform default) but not combined with other red flags.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install nostrsocial
After installation, invoke the skill by name or use /nostrsocial
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.3

Security hardening: SecretStr, sanitized exceptions, input validation

v0.1.2

Entity-aware SKILL.md — relationships as a dimension of being

v0.1.1

Standardized SKILL.md template

v0.1.0

Initial release: contacts, trust tiers, proxy npubs, conversation evaluation, cross-channel recognition, guardrails

Metadata

Slug nostrsocial

Version 0.1.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is nostrsocial?

Social awareness for AI entities — contacts, trust tiers, and identity verification over Nostr. It is an AI Agent Skill for Claude Code / OpenClaw, with 246 downloads so far.

How do I install nostrsocial?

Run "/install nostrsocial" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is nostrsocial free?

Yes, nostrsocial is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does nostrsocial support?

nostrsocial is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created nostrsocial?

It is built and maintained by vveerrgg (@vveerrgg); the current version is v0.1.3.

More Skills