Nostr Wallet Connect (NWC) bridge for mdk-agent-wallet, which is self-custodial Bitcoin Lightning wallet for AI agents.

Name: Nostr Wallet Connect (NWC) bridge for mdk-agent-wallet, which is self-custodial Bitcoin Lightning wallet for AI agents.
Author: kristapsk

作者 kristapsk · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

1002

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agent-wallet-nwc-bridge

功能描述

Expose a local @moneydevkit/agent-wallet as a Nostr Wallet Connect (NIP-47) wallet-service (systemd user service).

使用说明 (SKILL.md)

agent-wallet-nwc-bridge (skill)

This skill provides a small, self-hosted Nostr Wallet Connect (NIP-47) bridge that lets an NWC client (e.g. Stacker.News) send make_invoice / pay_invoice requests to a local @moneydevkit/agent-wallet.

It is intended to be run as a systemd user service.

What you get

index.js bridge implementation
portable agent-wallet-nwc-bridge.service unit (uses %h)
installer script install_systemd_user.sh
env + state files (nwc.env, state.json) stored locally (not committed)

Requirements

Linux with systemd user services
Node.js + npm
Nostr relay access (default example uses wss://nos.lol)

Install

git clone https://github.com/kristapsk/agent-wallet-nwc-bridge
cd agent-wallet-nwc-bridge

npm install
cp -n nwc.env.example nwc.env

# initialize state + create wallet service pubkey
node index.js init --relay wss://nos.lol

# install + start as user service
./install_systemd_user.sh

# follow logs
journalctl --user -u agent-wallet-nwc-bridge.service -f

Configure

Edit nwc.env:

NWC_RELAYS — comma-separated relay list (e.g. wss://nos.lol,wss://relay.damus.io)
NWC_STATE — defaults to state.json (relative to WorkingDirectory)
NWC_AUTO_REGISTER — 0 recommended (use explicit URIs/permissions)
NWC_DEFAULT_BUDGET_SATS — default spending cap when generating URIs

Security note: state.json contains NWC connection secrets. Do not commit it.

Typical usage flow (Stacker.News)

Run the bridge.
Generate an NWC URI for receive and attach it in SN wallets UI.
Generate a separate NWC URI for send (spending permission) and attach it.
Verify end-to-end:
- SN make_invoice requests appear in bridge logs
- SN pay_invoice requests appear and result in a paid invoice

Operations

Restart after changes:

systemctl --user restart agent-wallet-nwc-bridge.service

Disable:

systemctl --user disable --now agent-wallet-nwc-bridge.service

Publishing to ClawHub

Ensure README.md, SKILL.md, and package.json are present.
Keep secrets out of git (nwc.env, state.json, node_modules/ are ignored by default).

安全使用建议

This package implements what it claims (a Nostr Wallet Connect bridge) but pay attention to three things before installing: 1) Review and trust the agent-wallet package: index.js calls 'npx -y @moneydevkit/agent-wallet ...' at runtime, which will download/execute that package from npm if it's not present — that can run arbitrary code as your user. If you don't fully trust that package, install it locally and/or vendor/pin it instead of relying on npx. 2) Protect state.json and the working directory: state.json contains NWC secrets (private keys) and must be stored with restrictive permissions. The systemd unit grants read/write only to the project directory — ensure that directory is in your home and not world-readable. 3) Configuration and auto-registration safety: the bridge can auto-register unknown client pubkeys if NWC_AUTO_REGISTER is enabled. Keep NWC_AUTO_REGISTER off (0) and set explicit budgets to avoid accidental spending. Consider running the service in a sandboxed user account or VM if you want stronger isolation. Additional recommendations: update the registry metadata to list required env vars, audit index.js (or run with a vendored agent-wallet binary), pin npm dependencies, and monitor logs for unexpected behavior.

功能分析

Type: OpenClaw Skill Name: agent-wallet-nwc-bridge Version: 1.0.0 The skill `agent-wallet-nwc-bridge` is classified as suspicious due to a potential shell injection vulnerability in `index.js`. The `runAgentWallet` function executes `npx @moneydevkit/agent-wallet` with arguments derived from user-controlled NWC request parameters. Specifically, the `description` parameter in `make_invoice` requests is passed directly to `spawnSync` without apparent sanitization, which could allow an attacker to inject and execute arbitrary shell commands. While the `agent-wallet-nwc-bridge.service` file includes hardening measures like `ProtectHome=read-only` and `ReadWritePaths` to limit write access, the underlying RCE risk remains. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection against the AI agent.

能力评估

ℹ Purpose & Capability

The name/description match what the files implement: a NIP‑47 bridge that listens on Nostr relays and forwards requests to a local @moneydevkit/agent-wallet via npx. However registry metadata lists no required env vars/credentials while the SKILL.md and index.js rely on multiple environment variables (NWC_RELAYS, NWC_STATE, NWC_AUTO_REGISTER, NWC_DEFAULT_BUDGET_SATS, etc.). That metadata mismatch is incoherent and could lead to accidental misconfiguration.

⚠ Instruction Scope

SKILL.md instructs running as a systemd user service and storing secrets in state.json (documented). The bridge decrypts events from public relays and executes wallet operations by invoking 'npx @moneydevkit/agent-wallet ...' from index.js. Using npx at runtime results in downloading and executing code from the npm registry — a broader network/execution scope than simply 'talking to a local wallet' and worth attention. The code otherwise confines reads/writes to the project directory and only uses the declared state/env files.

ℹ Install Mechanism

There is no formal install spec in the registry, but an installer script (install_systemd_user.sh) runs 'npm install' in the project directory and installs a systemd user unit. Dependencies come from npm (nostr-tools). The runtime use of 'npx -y @moneydevkit/agent-wallet' will fetch and execute that package from the network if not available locally — this is expected for functionality but increases supply-chain risk compared to a pinned local dependency.

⚠ Credentials

The skill declares no required environment variables in the registry metadata, yet index.js and SKILL.md rely on several env vars (NWC_RELAYS, NWC_STATE, NWC_AUTO_REGISTER, NWC_DEFAULT_BUDGET_SATS, NWC_AUTO_REGISTER_NAME). No external service credentials are requested, which is proportionate, but the metadata omission is misleading. Also state.json stores NWC secrets (documented) — you must protect that file.

✓ Persistence & Privilege

The skill installs as a user-level systemd service (no root) and the unit limits access to the project's directory with typical hardening flags. always:false and normal autonomous invocation are set. The installer and service operate at user privilege levels only.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agent-wallet-nwc-bridge
安装完成后，直接呼叫该 Skill 的名称或使用 /agent-wallet-nwc-bridge 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of agent-wallet-nwc-bridge. - Exposes a local @moneydevkit/agent-wallet as a Nostr Wallet Connect (NIP-47) wallet-service. - Includes systemd user service unit and installation script for easy setup on Linux. - Supports make_invoice and pay_invoice requests from NWC clients such as Stacker.News. - Provides local storage for environment and state files; secrets are not committed to git. - Detailed configuration and usage instructions included in documentation.

元数据

Slug agent-wallet-nwc-bridge

版本 1.0.0

许可证 —

累计安装 1

当前安装数 1

历史版本数 1

常见问题