← 返回 Skills 市场

Dagny Nostr (nak)

Name: Dagny Nostr (nak)
Author: edwardbickerton

作者 edwardbickerton · GitHub ↗ · v0.1.4

cross-platform ⚠ suspicious

713

总下载

当前安装

版本数

在 OpenClaw 中安装

/install dagny-nostr-nak

功能描述

Manage Nostr posting and engagement via the nak CLI. Use for creating notes, replying in threads, tagging npubs, checking replies/mentions, monitoring a rela...

使用说明 (SKILL.md)

Nostr (nak)

Overview

Use nak for all Nostr actions: publish notes, reply in threads, and query relays for replies/mentions. Default relay: wss://relay.primal.net unless the user specifies another.

Install / Update nak

Repo: https://github.com/fiatjaf/nak
Install (script): curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh
Update: re-run the install script above (it installs latest)
Tip: review the script before running if you want to audit what it does.

Onboarding (keys)

Generate a new key: nak key generate (prints nsec + npub)
Save the secret: store NOSTR_SECRET_KEY in a shell profile or a local .env with restricted permissions.
- Example: export NOSTR_SECRET_KEY="nsec1..."
- Optional: chmod 600 .env if you store it locally.
- Prefer env vars over inline --sec in commands.

Quick Start (common tasks)

Post a note: nak event -k 1 --sec $NOSTR_SECRET_KEY -c "..." \x3Crelay>
Reply to a note: include root and reply tags (see below)
Check replies: nak req -k 1 -e \x3Cevent_id> -l \x3CN> \x3Crelay>
Check mentions: nak req -k 1 -p \x3Cyour_pubkey_hex> -l \x3CN> \x3Crelay>

Workflow: Posting & Replies

1) Create a new note

Build content.

Publish:

nak event -k 1 --sec $NOSTR_SECRET_KEY -c "\x3Ccontent>" wss://relay.primal.net

2) Reply to a reply (correct threading)

Always include both root and reply tags so clients display it as a reply:

root = original top‑level note id
reply = the specific note you’re replying to

Use -t e="\x3Cid>;\x3Crelay>;root" and -t e="\x3Cid>;\x3Crelay>;reply".

Example:

nak event -k 1 --sec $NOSTR_SECRET_KEY \
  -t e="\x3Croot_id>;wss://relay.primal.net;root" \
  -t e="\x3Creply_id>;wss://relay.primal.net;reply" \
  -p \x3Cother_pubkey_hex> \
  -c "\x3Creply content>" \
  wss://relay.primal.net

3) Check for replies to a note

nak req -k 1 -e \x3Croot_id> -l 20 wss://relay.primal.net

4) Check mentions of your pubkey

nak req -k 1 -p \x3Cyour_pubkey_hex> -l 20 wss://relay.primal.net

Conventions

Default relay: wss://relay.primal.net
Prefer NOSTR_SECRET_KEY env var instead of inline --sec.
When tagging users, include -p \x3Cnpub/hex>.
For human-facing links, encode with nak encode nevent ... and format as https://primal.net/e/\x3Cnevent>.

References

Use nak event --help and nak req --help for flag details.

安全使用建议

Before installing or using this skill: (1) Recognize that SKILL.md requires your NOSTR_SECRET_KEY but the registry metadata did not declare it — treat this as an omission. Only provide the nsec if you understand it grants posting/signing ability for your identity. (2) Do NOT run the curl | sh installer without review — the script is unpinned from GitHub master; prefer a pinned release, checksum, or package from a trusted distro, and inspect the script first. (3) Prefer exporting NOSTR_SECRET_KEY into a securely permissioned environment (chmod 600) rather than passing it inline with --sec to avoid leakage in shell history or process lists. (4) Verify you trust the default relay (wss://relay.primal.net) or specify a relay you control. (5) Ask the skill author/registry maintainer to update metadata to declare NOSTR_SECRET_KEY as a required credential and to provide a safer, pinned installation method (release tarball, package, or commit SHA). If you cannot verify the installer or are uncomfortable exposing the secret, do not install/run the skill.

功能分析

Type: OpenClaw Skill Name: dagny-nostr-nak Version: 0.1.4 The `SKILL.md` instructs the agent to install the `nak` CLI tool using a `curl | sh` pipeline (`curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh`). This method executes arbitrary remote code without prior review, posing a significant supply chain risk and remote code execution vulnerability. While the stated purpose is to install a legitimate tool, this practice is inherently insecure and could be exploited if the remote source (GitHub repository or CDN) were compromised.

能力评估

⚠ Purpose & Capability

The SKILL.md and description explicitly require access to NOSTR_SECRET_KEY (nsec) for signing/publishing, but the registry metadata lists no required environment variables or primary credential. This mismatch is incoherent: the skill does need a secret key to function but the metadata doesn't declare it.

ℹ Instruction Scope

The runtime instructions stay within the stated purpose (publishing, replying, querying relays) and do not ask the agent to read unrelated system files. They do, however, instruct running a remote install script and recommend storing a secret in shell profiles or .env files — actions that require caution (see install and env notes).

⚠ Install Mechanism

Although the skill is instruction-only, the SKILL.md tells users to install nak via: curl -sSL https://raw.githubusercontent.com/fiatjaf/nak/master/install.sh | sh. Downloading and piping an unpinned installer from a raw GitHub master branch and executing it is high-risk: the script could change, and there is no pinned release or checksum. This is a non-trivial install risk.

⚠ Credentials

The only secret logically required is the NOSTR_SECRET_KEY, which the instructions repeatedly reference and recommend exporting; but that env var is not declared in the skill metadata. There are no other env vars or credentials requested, which is proportionate — except for the metadata omission and the guidance that suggests storing secrets in profiles/.env (which can be misconfigured and accidentally expose the key). Also the examples show inline --sec usage which can expose secrets in logs/history.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and does not declare system config path access. Its runtime behavior (invoking nak and talking to relays) aligns with its purpose and does not request elevated agent-wide privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install dagny-nostr-nak
安装完成后，直接呼叫该 Skill 的名称或使用 /dagny-nostr-nak 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.4

Restore install script; declare NOSTR_SECRET_KEY requirement in description.

v0.1.3

Reduce security flags: prefer manual release install, add secret-handling guidance.

v0.1.2

Fix nak install/update instructions (script install).

v0.1.1

Add nak install/update instructions and key onboarding.

v0.1.0

Initial release: posting, replies, mentions, relay checks via nak.

元数据

Slug dagny-nostr-nak

版本 0.1.4

许可证 —

累计安装 0

当前安装数 0

历史版本数 5

常见问题

Dagny Nostr (nak) 是什么？

Manage Nostr posting and engagement via the nak CLI. Use for creating notes, replying in threads, tagging npubs, checking replies/mentions, monitoring a rela... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 713 次。

如何安装 Dagny Nostr (nak)？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install dagny-nostr-nak」即可一键安装，无需额外配置。

Dagny Nostr (nak) 是免费的吗？

是的，Dagny Nostr (nak) 完全免费（开源免费），可自由下载、安装和使用。

Dagny Nostr (nak) 支持哪些平台？

Dagny Nostr (nak) 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Dagny Nostr (nak)？

由 edwardbickerton（@edwardbickerton）开发并维护，当前版本 v0.1.4。