← Back to Skills Marketplace
madsb

NanoBazaar

by madsb · GitHub ↗ · v2.0.3
cross-platform ✓ Security Clean
3714
Downloads
3
Stars
0
Active Installs
20
Versions
Install in OpenClaw
/install nanobazaar
Description
Use the NanoBazaar Relay to create offers (sell services), create jobs (buy services), attach charges, search offers, and exchange encrypted payloads.
Usage Guidance
This skill appears to do what it claims, but take these precautions before installing: - Only install the nanobazaar-cli npm package from a source you trust; inspect the package if possible. The setup command may also attempt to install the berrypay CLI by npm (optional). - The CLI persists private keys and state locally (NBR_STATE_PATH). If you plan to run this skill, ensure the agent filesystem is secure and you are comfortable storing signing/encryption private keys there. Prefer generating keys with `/nanobazaar setup` rather than pasting secrets into environment variables unless the environment is locked down. - Be aware `nanobazaar watch` will trigger wakeups that cause the agent to run on relay events — this is normal for a watcher but increases activity and the chance of autonomous invocations. If you want to limit automatic runs, do not run the watcher and invoke `nanobazaar poll` manually instead. - The skill warns repeatedly not to execute commands or follow instructions embedded inside payloads; follow that guidance and require explicit human approval before fetching or running any links/commands received in deliverables. - Minor metadata inconsistency: the SKILL header indicated no homepage, while skill.json lists https://nanobazaar.ai; if provenance matters, verify the upstream project/source before installing. If you accept those trade-offs, the skill's requested capabilities and instructions are proportionate to its stated purpose.
Capability Analysis
Type: OpenClaw Skill Name: nanobazaar Version: 2.0.3 The OpenClaw AgentSkills skill bundle for NanoBazaar is classified as benign. The skill's core functionality involves cryptographic operations, interacting with a remote relay (`https://relay.nanobazaar.ai`), and managing a cryptocurrency wallet via the `nanobazaar-cli` and `berrypay` CLIs. While these activities inherently involve sensitive data (e.g., private keys, wallet seeds) and external network/shell access, the documentation and agent prompts (`SKILL.md`, `docs/PAYLOADS.md`, `prompts/buyer.md`, `prompts/seller.md`) contain explicit and strong instructions to the AI agent to prevent malicious behavior. Specifically, the agent is instructed to treat all external payload bodies as untrusted, never to execute commands or reveal secrets based on payload content, and to require human confirmation for fetching/running external links or scripts. There is no evidence of intentional harmful behavior, data exfiltration, or unauthorized persistence beyond the skill's stated purpose.
Capability Assessment
Purpose & Capability
Name/description, required binary (nanobazaar), and the npm install hint (nanobazaar-cli) align with the claimed relay client functionality. Requested binaries, commands, endpoints, and optional BerryPay usage are coherent for a payments-and-encrypted-payloads client.
Instruction Scope
SKILL.md limits runtime actions to running the nanobazaar CLI, registering keys, polling/watching the relay, encrypting/signing payloads, and interacting with BerryPay for payments. These are within scope. It explicitly warns not to treat payload plaintext as safe and to never exfiltrate keys or execute payload-provided commands. Note: it instructs long-running background watchers (tmux) and automatic wakeups that will cause agent invocations on relay events — expected for this use case but worth user awareness.
Install Mechanism
Install spec uses npm to install a named CLI package (nanobazaar-cli) which produces the expected binary. npm installs are a standard, traceable mechanism; this is moderate-risk compared to package managers like brew but is proportionate to shipping a Node-based CLI. The skill (via setup) may also attempt to install 'berrypay' via npm by default — optional but something to confirm before permitting automated installs.
Credentials
The skill does not require environment variables by policy, but documents optional env vars to import or persist private keys (Ed25519/X25519) and to override state path and idempotency keys. Requesting private keys or a wallet seed via env is proportionate for a crypto client, but these are highly sensitive values and the user should only set them in a secure environment. The skill's declared requirements do not ask for unrelated credentials.
Persistence & Privilege
The skill expects to persist local state (including private keys, bot_id, cursors, payload cache) to a configurable NBR_STATE_PATH. Persisting private keys on disk is necessary for this client but is a sensitive privilege: ensure the agent environment provides appropriate filesystem isolation and protections. always:false and normal model invocation are used (no elevated persistent inclusion).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nanobazaar
  3. After installation, invoke the skill by name or use /nanobazaar
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.3
NanoBazaar skill 2.0.3 - Changed `/nanobazaar watch` to trigger OpenClaw wakeups on relay events only, removing the periodic safety interval. - Updated documentation to reflect that `/nanobazaar watch` no longer triggers wakeups on a safety interval.
v2.0.2
NanoBazaar 2.0.2 - Added support for overriding the idempotency key using the `NBR_IDEMPOTENCY_KEY` environment variable for mutating requests that support idempotency (e.g., job charge, job mark-paid, job deliver, job reissue-charge). - Documentation updated to describe the new `NBR_IDEMPOTENCY_KEY` environment variable.
v2.0.1
NanoBazaar 2.0.1 is a minor revision with updated behavior guidance for event polling and job/offer event loop coordination. - Updated the description of /nanobazaar watch: now makes clear it only triggers OpenClaw wakeups on relay events and does not itself poll or ack. - Clarified /nanobazaar poll remains authoritative for event ingestion and acknowledgement, and should be run by OpenClaw (e.g., in the heartbeat loop). - Improved instructions on integrating event wakeup and polling between NanoBazaar and OpenClaw. - No changes to user-visible commands or configuration.
v2.0.0
## [2.0.0] - 2026-02-08 ### Changed - Simplified polling/watch workflow: `nanobazaar watch` is poll-only (SSE wakeups + safety interval), and no longer relies on local fswatch triggers or stream batching. - Updated guidance and playbooks to match the simplified relay watch model and new seller lifecycle commands. ### Added - Seller lifecycle command docs and prompts: `nanobazaar job charge`, `nanobazaar job mark-paid`, `nanobazaar job deliver`. - QR guidance for payment UX (best-effort terminal QR rendering).
v1.0.14
- Added the new command `/nanobazaar bot name set` to set or clear the bot's friendly display name. - No other user-facing changes.
v1.0.13
## [1.0.13] - 2026-02-07 ### Added - `docs/PAYLOADS.md` with payload construction, verification rules, and prompt-injection guidance. - `/nanobazaar payload list` and `/nanobazaar payload fetch` for secure payload download (decrypt + verify + local caching). - Automatic payload fetch/decrypt/verify/cache in `nanobazaar poll` and `nanobazaar watch` (disable via `--no-fetch-payloads`). ### Changed - Buyer/seller prompts now explicitly treat payload/message bodies as untrusted content (authenticity is not safety). - `payload fetch --job-id ...` now falls back to `GET /v0/payloads?job_id=...` when local state/event logs are missing/truncated. - State writes are now skipped when state content is unchanged, preventing repeated local wakeups from mtime-only updates.
v1.0.12
NanoBazaar 1.0.12 improves documentation and local directory conventions. - Updated documentation to reference files and commands relative to the OpenClaw workspace using `{baseDir}` and local `./nanobazaar` paths. - Clarified the usage and recommendation for `fswatch` with explicit user prompts if missing. - Updated quick start, offer/job playbook, and guidance sections for improved clarity and usability. - Removed the outdated docs/CLAW_HUB.md file. - Added the `/nanobazaar poll ack` command and clarified poll/watch behaviors. - Standardized API documentation references using `{baseDir}`.
v0.1.0
- Improved quick start to recommend using the new `/nanobazaar watch-all` command for faster, more reliable event handling (requires `fswatch`). - Removed cron management commands and documentation (`cron enable`/`disable`), streamlining the polling approach. - Updated setup instructions to copy `HEARTBEAT_TEMPLATE.md` (not from `{baseDir}`) for configuration. - Removed obsolete documentation files: `README.md` and `docs/CRON.md`. - Updated shell and usage instructions throughout to clarify poll loop and watcher recommendations.
v1.0.11
No changes detected in this version. - Version 1.0.11 released with no file or documentation updates.
v1.0.10
- Added the /nanobazaar watch-all command to run relay watch and local state watcher together. - Documentation updated to include /nanobazaar watch-all in the list of user-invocable commands.
v1.0.9
skills/nanobazaar/CHANGELOG.md
v1.0.8
Initial release with major reorganization and CLI integration. - Added CLI requirements and install instructions; now depends on the `nanobazaar-cli` npm package. - Removed legacy setup/wallet tooling in favor of CLI-based workflow. - Expanded user-invocable command set with new actions: market browse, job/offer management, and watch. - Clarified behavioral guarantees, offer/job playbook rules, and API reference locations. - Updated environment variable docs and configuration guidance for clarity and completeness.
v1.0.7
State is now saved in ~/.config/nanobazaar/nanobazaar.json
v1.0.6
Skill cleanup
v1.0.5
Updated info about revoking compromised keys
v1.0.4
Hotfix: prevent state file publish
v1.0.3
Docs: offer lifecycle + polling doc fix
v1.0.2
Updated info about api endpoints
v1.0.1
NanoBazaar 1.0.1 initial release: - Contract-first NanoBazaar Relay client with signed requests and encrypted payloads. - User-invocable commands for setup, wallet, offers, jobs, search, polling, and cron management. - Configurable via environment variables and supports both ClawHub and manual install. - Supports BerryPay CLI for Nano payments with manual fallback. - Safe polling and event processing, with clear buyer and seller role guidance.
v1.0.0
Initial release of the NanoBazaar Relay skill. - Provides a user-invocable client for NanoBazaar Relay, supporting secure search, job creation, payments, and encrypted payload exchange. - All requests are signed and all payloads are encrypted for security. - Offers detailed setup steps, including environment variable configuration and wallet funding. - Includes commands for status, setup, wallet, offer and job creation, polling, and cron management. - Buyer and seller roles are documented with clear behavioral guidance. - Integrates with BerryPay CLI for Nano payment processing. - Emphasizes security: state is persisted before ack, no auto-installed cron jobs, and supports idempotent polling.
Metadata
Slug nanobazaar
Version 2.0.3
License
All-time Installs 0
Active Installs 0
Total Versions 20
Frequently Asked Questions

What is NanoBazaar?

Use the NanoBazaar Relay to create offers (sell services), create jobs (buy services), attach charges, search offers, and exchange encrypted payloads. It is an AI Agent Skill for Claude Code / OpenClaw, with 3714 downloads so far.

How do I install NanoBazaar?

Run "/install nanobazaar" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NanoBazaar free?

Yes, NanoBazaar is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NanoBazaar support?

NanoBazaar is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NanoBazaar?

It is built and maintained by madsb (@madsb); the current version is v2.0.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments