
Nostr Wallet Connect (NWC) bridge for mdk-agent-wallet, a self-custodial Bitcoin Lightning wallet for AI agents.

by kristapsk · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 1002 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install agent-wallet-nwc-bridge
Description
Expose a local @moneydevkit/agent-wallet as a Nostr Wallet Connect (NIP-47) wallet-service (systemd user service).
README (SKILL.md)

agent-wallet-nwc-bridge (skill)

This skill provides a small, self-hosted Nostr Wallet Connect (NIP-47) bridge that lets an NWC client (e.g. Stacker.News) send make_invoice / pay_invoice requests to a local @moneydevkit/agent-wallet.

It is intended to be run as a systemd user service.

What you get

  • index.js bridge implementation
  • portable agent-wallet-nwc-bridge.service unit (uses %h)
  • installer script install_systemd_user.sh
  • env + state files (nwc.env, state.json) stored locally (not committed)

Requirements

  • Linux with systemd user services
  • Node.js + npm
  • Nostr relay access (default example uses wss://nos.lol)

Install

git clone https://github.com/kristapsk/agent-wallet-nwc-bridge
cd agent-wallet-nwc-bridge

npm install
cp -n nwc.env.example nwc.env

# initialize state + create wallet service pubkey
node index.js init --relay wss://nos.lol

# install + start as user service
./install_systemd_user.sh

# follow logs
journalctl --user -u agent-wallet-nwc-bridge.service -f

Configure

Edit nwc.env:

  • NWC_RELAYS — comma-separated relay list (e.g. wss://nos.lol,wss://relay.damus.io)
  • NWC_STATE — defaults to state.json (relative to WorkingDirectory)
  • NWC_AUTO_REGISTER=0 recommended (use explicit URIs/permissions)
  • NWC_DEFAULT_BUDGET_SATS — default spending cap when generating URIs

Security note: state.json contains NWC connection secrets. Do not commit it.
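
A pre-flight check for the settings above, as an added example (not part of the project's own code). It assumes nwc.env holds plain KEY=VALUE lines and GNU stat is available; the function names are hypothetical, and an unset NWC_AUTO_REGISTER is flagged because this page does not state the default.

```shell
#!/bin/sh
# Added example: audit a bridge checkout before starting the user service.
# Assumptions: nwc.env uses KEY=VALUE lines; GNU coreutils stat (Linux).

# Print the value of KEY ($2) from env file ($1); the last assignment wins.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed only if file $1 grants no permission bits to group or other.
is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Audit directory $1; print one FAIL line per finding, return 1 if any.
audit_bridge_dir() {
    dir=$1
    rc=0
    # state.json holds NWC connection secrets; nwc.env sits beside it.
    for f in state.json nwc.env; do
        [ -e "$dir/$f" ] || continue
        if ! is_private "$dir/$f"; then
            echo "FAIL: $f is accessible to group/other (chmod 600 $f)"
            rc=1
        fi
    done
    if [ -f "$dir/nwc.env" ]; then
        auto=$(env_value "$dir/nwc.env" NWC_AUTO_REGISTER)
        if [ "${auto:-unset}" != "0" ]; then
            echo "FAIL: NWC_AUTO_REGISTER=${auto:-unset}, expected 0"
            rc=1
        fi
        budget=$(env_value "$dir/nwc.env" NWC_DEFAULT_BUDGET_SATS)
        case "$budget" in
            ''|*[!0-9]*)
                echo "FAIL: NWC_DEFAULT_BUDGET_SATS is not a whole number"
                rc=1 ;;
        esac
    fi
    return $rc
}

# Stand-alone use: sh audit.sh /path/to/agent-wallet-nwc-bridge
if [ -n "${1:-}" ]; then audit_bridge_dir "$1"; fi
```
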

Typical usage flow (Stacker.News)

  1. Run the bridge.
  2. Generate an NWC URI for receive and attach it in SN wallets UI.
  3. Generate a separate NWC URI for send (spending permission) and attach it.
  4. Verify end-to-end:
    • SN make_invoice requests appear in bridge logs
    • SN pay_invoice requests appear and result in a paid invoice

Operations

Restart after changes:

systemctl --user restart agent-wallet-nwc-bridge.service

Disable:

systemctl --user disable --now agent-wallet-nwc-bridge.service

Publishing to ClawHub

  • Ensure README.md, SKILL.md, and package.json are present.
  • Keep secrets out of git (nwc.env, state.json, node_modules/ are ignored by default).
Usage Guidance
This package implements what it claims (a Nostr Wallet Connect bridge) but pay attention to three things before installing:

  1. Review and trust the agent-wallet package: index.js calls 'npx -y @moneydevkit/agent-wallet ...' at runtime, which will download/execute that package from npm if it's not present — that can run arbitrary code as your user. If you don't fully trust that package, install it locally and/or vendor/pin it instead of relying on npx.
  2. Protect state.json and the working directory: state.json contains NWC secrets (private keys) and must be stored with restrictive permissions. The systemd unit grants read/write only to the project directory — ensure that directory is in your home and not world-readable.
  3. Configuration and auto-registration safety: the bridge can auto-register unknown client pubkeys if NWC_AUTO_REGISTER is enabled. Keep NWC_AUTO_REGISTER off (0) and set explicit budgets to avoid accidental spending.

Consider running the service in a sandboxed user account or VM if you want stronger isolation.

Additional recommendations: update the registry metadata to list required env vars, audit index.js (or run with a vendored agent-wallet binary), pin npm dependencies, and monitor logs for unexpected behavior.
Capability Analysis
Type: OpenClaw Skill
Name: agent-wallet-nwc-bridge
Version: 1.0.0

The skill `agent-wallet-nwc-bridge` is classified as suspicious due to a potential shell injection vulnerability in `index.js`. The `runAgentWallet` function executes `npx @moneydevkit/agent-wallet` with arguments derived from user-controlled NWC request parameters. Specifically, the `description` parameter in `make_invoice` requests is passed directly to `spawnSync` without apparent sanitization, which could allow an attacker to inject and execute arbitrary shell commands. While the `agent-wallet-nwc-bridge.service` file includes hardening measures like `ProtectHome=read-only` and `ReadWritePaths` to limit write access, the underlying RCE risk remains. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection against the AI agent.
Capability Assessment
Purpose & Capability
The name/description match what the files implement: a NIP‑47 bridge that listens on Nostr relays and forwards requests to a local @moneydevkit/agent-wallet via npx. However registry metadata lists no required env vars/credentials while the SKILL.md and index.js rely on multiple environment variables (NWC_RELAYS, NWC_STATE, NWC_AUTO_REGISTER, NWC_DEFAULT_BUDGET_SATS, etc.). That metadata mismatch is incoherent and could lead to accidental misconfiguration.
Instruction Scope
SKILL.md instructs running as a systemd user service and storing secrets in state.json (documented). The bridge decrypts events from public relays and executes wallet operations by invoking 'npx @moneydevkit/agent-wallet ...' from index.js. Using npx at runtime results in downloading and executing code from the npm registry — a broader network/execution scope than simply 'talking to a local wallet' and worth attention. The code otherwise confines reads/writes to the project directory and only uses the declared state/env files.
Install Mechanism
There is no formal install spec in the registry, but an installer script (install_systemd_user.sh) runs 'npm install' in the project directory and installs a systemd user unit. Dependencies come from npm (nostr-tools). The runtime use of 'npx -y @moneydevkit/agent-wallet' will fetch and execute that package from the network if not available locally — this is expected for functionality but increases supply-chain risk compared to a pinned local dependency.
Credentials
The skill declares no required environment variables in the registry metadata, yet index.js and SKILL.md rely on several env vars (NWC_RELAYS, NWC_STATE, NWC_AUTO_REGISTER, NWC_DEFAULT_BUDGET_SATS, NWC_AUTO_REGISTER_NAME). No external service credentials are requested, which is proportionate, but the metadata omission is misleading. Also state.json stores NWC secrets (documented) — you must protect that file.
Persistence & Privilege
The skill installs as a user-level systemd service (no root) and the unit limits access to the project's directory with typical hardening flags. always:false and normal autonomous invocation are set. The installer and service operate at user privilege levels only.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agent-wallet-nwc-bridge
  3. After installation, invoke the skill by name or use /agent-wallet-nwc-bridge
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of agent-wallet-nwc-bridge.

  • Exposes a local @moneydevkit/agent-wallet as a Nostr Wallet Connect (NIP-47) wallet-service.
  • Includes systemd user service unit and installation script for easy setup on Linux.
  • Supports make_invoice and pay_invoice requests from NWC clients such as Stacker.News.
  • Provides local storage for environment and state files; secrets are not committed to git.
  • Detailed configuration and usage instructions included in documentation.
Metadata
Slug agent-wallet-nwc-bridge
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1