← Back to Skills Marketplace

Dagny Nostr (nak)

Name: Dagny Nostr (nak)
Author: edwardbickerton

by edwardbickerton · GitHub ↗ · v0.1.4

cross-platform ⚠ suspicious

713

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install dagny-nostr-nak

Description

Manage Nostr posting and engagement via the nak CLI. Use for creating notes, replying in threads, tagging npubs, checking replies/mentions, monitoring a rela...

README (SKILL.md)

Nostr (nak)

Overview

Use nak for all Nostr actions: publish notes, reply in threads, and query relays for replies/mentions. Default relay: wss://relay.primal.net unless the user specifies another.

Install / Update nak

Repo: https://github.com/fiatjaf/nak
Install (script): curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh
Update: re-run the install script above (it installs latest)
Tip: review the script before running if you want to audit what it does.

Onboarding (keys)

Generate a new key: nak key generate (prints nsec + npub)
Save the secret: store NOSTR_SECRET_KEY in a shell profile or a local .env with restricted permissions.
- Example: export NOSTR_SECRET_KEY="nsec1..."
- Optional: chmod 600 .env if you store it locally.
- Prefer env vars over inline --sec in commands.

Quick Start (common tasks)

Post a note: nak event -k 1 --sec $NOSTR_SECRET_KEY -c "..." \x3Crelay>
Reply to a note: include root and reply tags (see below)
Check replies: nak req -k 1 -e \x3Cevent_id> -l \x3CN> \x3Crelay>
Check mentions: nak req -k 1 -p \x3Cyour_pubkey_hex> -l \x3CN> \x3Crelay>

Workflow: Posting & Replies

1) Create a new note

Build content.

Publish:

nak event -k 1 --sec $NOSTR_SECRET_KEY -c "\x3Ccontent>" wss://relay.primal.net

2) Reply to a reply (correct threading)

Always include both root and reply tags so clients display it as a reply:

root = original top‑level note id
reply = the specific note you’re replying to

Use -t e="\x3Cid>;\x3Crelay>;root" and -t e="\x3Cid>;\x3Crelay>;reply".

Example:

nak event -k 1 --sec $NOSTR_SECRET_KEY \
  -t e="\x3Croot_id>;wss://relay.primal.net;root" \
  -t e="\x3Creply_id>;wss://relay.primal.net;reply" \
  -p \x3Cother_pubkey_hex> \
  -c "\x3Creply content>" \
  wss://relay.primal.net

3) Check for replies to a note

nak req -k 1 -e \x3Croot_id> -l 20 wss://relay.primal.net

4) Check mentions of your pubkey

nak req -k 1 -p \x3Cyour_pubkey_hex> -l 20 wss://relay.primal.net

Conventions

Default relay: wss://relay.primal.net
Prefer NOSTR_SECRET_KEY env var instead of inline --sec.
When tagging users, include -p \x3Cnpub/hex>.
For human-facing links, encode with nak encode nevent ... and format as https://primal.net/e/\x3Cnevent>.

References

Use nak event --help and nak req --help for flag details.

Usage Guidance

Before installing or using this skill: (1) Recognize that SKILL.md requires your NOSTR_SECRET_KEY but the registry metadata did not declare it — treat this as an omission. Only provide the nsec if you understand it grants posting/signing ability for your identity. (2) Do NOT run the curl | sh installer without review — the script is unpinned from GitHub master; prefer a pinned release, checksum, or package from a trusted distro, and inspect the script first. (3) Prefer exporting NOSTR_SECRET_KEY into a securely permissioned environment (chmod 600) rather than passing it inline with --sec to avoid leakage in shell history or process lists. (4) Verify you trust the default relay (wss://relay.primal.net) or specify a relay you control. (5) Ask the skill author/registry maintainer to update metadata to declare NOSTR_SECRET_KEY as a required credential and to provide a safer, pinned installation method (release tarball, package, or commit SHA). If you cannot verify the installer or are uncomfortable exposing the secret, do not install/run the skill.

Capability Analysis

Type: OpenClaw Skill Name: dagny-nostr-nak Version: 0.1.4 The `SKILL.md` instructs the agent to install the `nak` CLI tool using a `curl | sh` pipeline (`curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh`). This method executes arbitrary remote code without prior review, posing a significant supply chain risk and remote code execution vulnerability. While the stated purpose is to install a legitimate tool, this practice is inherently insecure and could be exploited if the remote source (GitHub repository or CDN) were compromised.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md and description explicitly require access to NOSTR_SECRET_KEY (nsec) for signing/publishing, but the registry metadata lists no required environment variables or primary credential. This mismatch is incoherent: the skill does need a secret key to function but the metadata doesn't declare it.

ℹ Instruction Scope

The runtime instructions stay within the stated purpose (publishing, replying, querying relays) and do not ask the agent to read unrelated system files. They do, however, instruct running a remote install script and recommend storing a secret in shell profiles or .env files — actions that require caution (see install and env notes).

⚠ Install Mechanism

Although the skill is instruction-only, the SKILL.md tells users to install nak via: curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh. Downloading and piping an unpinned installer from a raw GitHub master branch and executing it is high-risk: the script could change, and there is no pinned release or checksum. This is a non-trivial install risk.

⚠ Credentials

The only secret logically required is the NOSTR_SECRET_KEY, which the instructions repeatedly reference and recommend exporting; but that env var is not declared in the skill metadata. There are no other env vars or credentials requested, which is proportionate — except for the metadata omission and the guidance that suggests storing secrets in profiles/.env (which can be misconfigured and accidentally expose the key). Also the examples show inline --sec usage which can expose secrets in logs/history.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and does not declare system config path access. Its runtime behavior (invoking nak and talking to relays) aligns with its purpose and does not request elevated agent-wide privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install dagny-nostr-nak
After installation, invoke the skill by name or use /dagny-nostr-nak
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.4

Restore install script; declare NOSTR_SECRET_KEY requirement in description.

v0.1.3

Reduce security flags: prefer manual release install, add secret-handling guidance.

v0.1.2

Fix nak install/update instructions (script install).

v0.1.1

Add nak install/update instructions and key onboarding.

v0.1.0

Initial release: posting, replies, mentions, relay checks via nak.

Metadata

Slug dagny-nostr-nak

Version 0.1.4

License —

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is Dagny Nostr (nak)?

Manage Nostr posting and engagement via the nak CLI. Use for creating notes, replying in threads, tagging npubs, checking replies/mentions, monitoring a rela... It is an AI Agent Skill for Claude Code / OpenClaw, with 713 downloads so far.

How do I install Dagny Nostr (nak)?

Run "/install dagny-nostr-nak" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Dagny Nostr (nak) free?

Yes, Dagny Nostr (nak) is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Dagny Nostr (nak) support?

Dagny Nostr (nak) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Dagny Nostr (nak)?

It is built and maintained by edwardbickerton (@edwardbickerton); the current version is v0.1.4.

More Skills