← Back to Skills Marketplace
vveerrgg

nostrkey

by vveerrgg · GitHub ↗ · v0.3.0 · MIT-0
cross-platform ⚠ suspicious
371
Downloads
0
Stars
0
Active Installs
13
Versions
Install in OpenClaw
/install nostrkey
Description
Cryptographic identity SDK for AI agents — generate Nostr keypairs, sign events, encrypt messages, BIP-39 seed phrases, portable backup tokens. 69 tests, zer...
Usage Guidance
This skill appears to be a legitimate Nostr identity SDK, but take these precautions before installing or enabling it: - Confirm the install behavior: will the agent automatically pip install the 'nostrkey' package? If so, verify the package source (PyPI project page and GitHub repo) and consider pinning a known-good version or reviewing the package code before installing. - Protect secrets: provide NOSTRKEY_PASSPHRASE via a secure secret mechanism (not in chat). The skill will print the raw seed phrase and asks the operator to paste seed phrases for restore — never paste seed phrases or private keys into an untrusted chat or log. - Resolve metadata inconsistencies: the registry summary claimed no env vars/no install spec while SKILL.md and metadata.json require NOSTRKEY_PASSPHRASE and list a pip install. Ask the publisher to correct the manifest so you know whether remote code will be fetched. - Review example code: examples show saving identity files to disk and publishing to relays (wss://relay.damus.io). Confirm you are comfortable with the agent having a persistent public identity and with events being published to chosen relays. If you cannot verify the pip package source or are uncomfortable with printing/pasting seed phrases, treat this skill as untrusted and do not install or enable it.
Capability Analysis
Type: OpenClaw Skill Name: nostrkey Version: 0.3.0 The skill provides a legitimate cryptographic identity framework for AI agents using the Nostr protocol. It includes detailed instructions in SKILL.md for the agent to securely manage keypairs, including generating new identities, restoring from seed phrases, and using passphrases for encryption at rest. The bundle features security-conscious guidelines that instruct the agent to never log private keys and to warn users about deleting sensitive messages from chat history. No evidence of data exfiltration, malicious execution, or unauthorized access was found; the functionality is entirely aligned with the stated purpose of identity management.
Capability Assessment
Purpose & Capability
The name/description (Nostr identity SDK) match the instructions and example code (keypair generation, signing, encryption, publishing to relays). Requiring pip to install the nostrkey Python package is appropriate for this purpose.
Instruction Scope
Runtime instructions are narrowly scoped to identity management: generate/restore keypairs, save an encrypted identity file, print the public key and seed phrase, and (in examples) publish to relays. These actions are expected for an identity SDK, but printing and instructing the operator to record the raw seed phrase (and asking the operator to paste seed phrases into chat during restore) are highly sensitive and require operator caution.
Install Mechanism
The SKILL.md and metadata.json declare a pip install of package 'nostrkey' (traceable to PyPI/GitHub), which is a reasonable install method for a Python SDK. However, the skill metadata above also said 'No install spec — instruction-only', creating an inconsistency about whether code will be fetched/installed. Installing arbitrary pip packages runs remote code and should be explicitly authorized and source-verified.
Credentials
The skill requires a single sensitive environment variable NOSTRKEY_PASSPHRASE (used to encrypt identity files), which is proportionate to the stated purpose. However the top-level summary earlier indicated 'Required env vars: none', conflicting with SKILL.md/metadata.json where NOSTRKEY_PASSPHRASE is required — this mismatch should be resolved before use. Also note the skill will cause the agent to output the seed phrase (sensitive) and writes identity files to the workspace.
Persistence & Privilege
always:false and no special system-wide configuration changes are requested. The skill writes identity files into the workspace (encrypted with the provided passphrase) and can publish to relays; these are expected behaviors and do not require elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nostrkey
  3. After installation, invoke the skill by name or use /nostrkey
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
Security hardening: SecretStr, sanitized exceptions, input validation
v0.2.9
Add env vars to frontmatter, drop uv installer — testing scanner fix
v0.2.8
Entity-aware SKILL.md rewrite — awakening narrative, living with identity
v0.2.7
Inline setup code in SKILL.md, declare NOSTRKEY_PASSPHRASE env var
v0.2.6
env var passphrase, no-ask signing
v0.2.5
post-setup guidance, npub recall, passphrase hygiene
v0.2.4
v0.2.4: support_skills, updated SKILL.md, README refresh
v0.2.3
v0.2.3: support_skills directory, updated SKILL.md, README refresh
v0.2.2
Docs: add seed phrase, backup card, and token examples to README and SKILL.md.
v0.2.0
Security hardening: dropped C dependency, fixed NIP-44 interop, 15 security fixes, 49 tests
v0.1.3
Standardized SKILL.md template with quickstart, response format, common patterns, security, configuration, links
v0.1.2
Security hardening: HMAC-authenticated identity files, hex key validation, timing-safe comparisons, relay URL validation, WebSocket timeouts
v0.1.1
Initial ClawHub release — identity SDK for AI agents with examples
Metadata
Slug nostrkey
Version 0.3.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 13
Frequently Asked Questions

What is nostrkey?

Cryptographic identity SDK for AI agents — generate Nostr keypairs, sign events, encrypt messages, BIP-39 seed phrases, portable backup tokens. 69 tests, zer... It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.

How do I install nostrkey?

Run "/install nostrkey" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is nostrkey free?

Yes, nostrkey is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does nostrkey support?

nostrkey is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created nostrkey?

It is built and maintained by vveerrgg (@vveerrgg); the current version is v0.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments