Sigil Nostr — P2P Encrypted Messaging for AI Agents

by lmanchu · GitHub ↗ · v0.1.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 105
Stars: 0
Active Installs: 0
Versions: 2
Install in OpenClaw
/install sigil-nostr
Description
Nostr P2P messaging gateway for AI agents. Send and receive E2E encrypted messages via the Nostr protocol. Enables your agent to be reachable from Sigil Mess...
Usage Guidance
This skill appears to do what it says (a Nostr bridge), but exercise caution before installing. Key points:
- Do not run the Node bridge in 'hermes' mode unless you trust all senders: the bridge constructs a shell command from incoming messages and only escapes quotes, which allows command substitution/injection.
- Prefer the Rust hermes_bridge example (recommended by the author) for production; the Node script is documented as a reference implementation.
- The skill will create and store private keys at ~/.sigil/*.key and an access JSON; ensure you understand and protect those files (use passphrase encryption if supported).
- The SKILL.md recommends running cargo install from a GitHub repo; verify the repo and review its code before building.
- If you want to use this, run it in a restricted environment (container or VM), review/patch the execSync call to avoid shell interpolation (use child_process.execFile or pass args as an array), and ensure a strict whitelist for authorized npubs.
Capability Assessment
Purpose & Capability
The skill's name/description (Nostr P2P gateway for AI agents) aligns with the included SKILL.md and bridge.js which create keys, talk to relays, and forward messages. It legitimately needs to read/write ~/.sigil and call sigil-cli/cargo for key generation. Minor inconsistency: the runtime references environment variables (SIGIL_RELAY, SIGIL_AGENT, SIGIL_MODE, SIGIL_OWNER) but the registry metadata lists no required env vars.
Instruction Scope
The SKILL.md and bridge.js instruct the agent to create persistent key files (~/.sigil/*.key and access.json) and to forward incoming DMs to the agent. However the Node bridge uses execSync to run external CLIs with content derived from incoming messages (hermes chat -q "<message>"). The code only escapes double quotes and invokes a shell; command-substitution/expansion (e.g. $(...), `...`, $VAR) can still be interpreted by the shell, so an attacker-supplied message could cause arbitrary command execution when the bridge is run in hermes mode. The instructions don't mention this injection risk or mitigate it.
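The quoting flaw described above next to the fix the usage guidance recommends, as an added example that is not code from the skill's bridge.js. A Node one-liner stands in for the `hermes` CLI (an assumption, so the example runs without it), and the function names, sample message and npub values are constructed for illustration.

```javascript
const { execSync, execFileSync } = require('node:child_process');

// Stand-in for the `hermes` CLI (assumption): Node echoing its first argument.
const CLI = process.execPath;
const ECHO = 'process.stdout.write(process.argv[1])';
const OPTS = { encoding: 'utf8', timeout: 5000 };

// Constructed sample data; the marker command is harmless.
const SAMPLE = 'hello $(echo INJECTED)';
const ALLOWED = new Set(['npub1constructedowner']);

// Pattern the assessment describes: escape only double quotes, then let a
// shell parse the string. $(...) is still expanded inside double quotes.
function forwardViaShell(message) {
  const escaped = message.replace(/"/g, '\\"');
  return execSync(`"${CLI}" -e "${ECHO}" "${escaped}"`, OPTS);
}

// Hardened form: no shell is involved, the message is one argv element.
function forwardViaExecFile(message) {
  return execFileSync(CLI, ['-e', ECHO, message], OPTS);
}

// Drop messages from senders outside the allowlist before anything runs.
function handleDm(senderNpub, message, allowed) {
  if (!allowed.has(senderNpub)) return null;
  return forwardViaExecFile(message);
}

console.log('shell:   ', forwardViaShell(SAMPLE));
console.log('execFile:', forwardViaExecFile(SAMPLE));
console.log('stranger:', handleDm('npub1constructedstranger', SAMPLE, ALLOWED));
```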
Install Mechanism
There is no formal install spec (instruction-only skill). The SKILL.md asks users to run cargo install from a GitHub repo which is a common but non-trivial operation (building and running code fetched from upstream). This is a moderate-risk action because it builds and installs third-party code from a repository; the Node bridge itself does not auto-install extra packages.
Credentials
No credentials are requested in the registry metadata, and the skill does not request unrelated cloud credentials. It does read/write private key material to ~/.sigil (expected for a messaging bridge). The SKILL.md and bridge.js reference several optional env vars (SIGIL_RELAY, SIGIL_AGENT, SIGIL_MODE, SIGIL_OWNER) but these were not declared in the skill metadata — this mismatch should be documented for users who rely on declared requirements.
Persistence & Privilege
The bridge creates persistent files in the user's home (~/.sigil/*.key and access.json) which is consistent with its purpose. However, combined with the execSync usage, this creates a higher blast radius: if the agent or bridge autonomously processes incoming messages (the skill is user-invocable and model-invocation is enabled by default), a crafted message could trigger command execution on the host. The skill does not require always:true (good), and it does not modify other skills' configs.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install sigil-nostr
  3. After installation, invoke the skill by name or use /sigil-nostr
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
Added client connection guide: iPhone, CLI, Mac, Damus interop, QR sharing
v0.1.0
Initial release: Nostr P2P messaging skill for OpenClaw and Hermes agents. E2E encrypted, personal/service modes, TUI components.
Metadata
Slug: sigil-nostr
Version: 0.1.1
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 2
Frequently Asked Questions

What is Sigil Nostr — P2P Encrypted Messaging for AI Agents?

Nostr P2P messaging gateway for AI agents. Send and receive E2E encrypted messages via the Nostr protocol. Enables your agent to be reachable from Sigil Mess... It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.

How do I install Sigil Nostr — P2P Encrypted Messaging for AI Agents?

Run "/install sigil-nostr" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sigil Nostr — P2P Encrypted Messaging for AI Agents free?

Yes, Sigil Nostr — P2P Encrypted Messaging for AI Agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Sigil Nostr — P2P Encrypted Messaging for AI Agents support?

Sigil Nostr — P2P Encrypted Messaging for AI Agents is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Sigil Nostr — P2P Encrypted Messaging for AI Agents?

It is built and maintained by lmanchu (@lmanchu); the current version is v0.1.1.
