← 返回 Skills 市场
371
总下载
0
收藏
0
当前安装
13
版本数
在 OpenClaw 中安装
/install nostrkey
功能描述
Cryptographic identity SDK for AI agents — generate Nostr keypairs, sign events, encrypt messages, BIP-39 seed phrases, portable backup tokens. 69 tests, zer...
安全使用建议
This skill appears to be a legitimate Nostr identity SDK, but take these precautions before installing or enabling it:
- Confirm the install behavior: will the agent automatically pip install the 'nostrkey' package? If so, verify the package source (PyPI project page and GitHub repo) and consider pinning a known-good version or reviewing the package code before installing.
- Protect secrets: provide NOSTRKEY_PASSPHRASE via a secure secret mechanism (not in chat). The skill will print the raw seed phrase and asks the operator to paste seed phrases for restore — never paste seed phrases or private keys into an untrusted chat or log.
- Resolve metadata inconsistencies: the registry summary claimed no env vars/no install spec while SKILL.md and metadata.json require NOSTRKEY_PASSPHRASE and list a pip install. Ask the publisher to correct the manifest so you know whether remote code will be fetched.
- Review example code: examples show saving identity files to disk and publishing to relays (wss://relay.damus.io). Confirm you are comfortable with the agent having a persistent public identity and with events being published to chosen relays.
If you cannot verify the pip package source or are uncomfortable with printing/pasting seed phrases, treat this skill as untrusted and do not install or enable it.
功能分析
Type: OpenClaw Skill
Name: nostrkey
Version: 0.3.0
The skill provides a legitimate cryptographic identity framework for AI agents using the Nostr protocol. It includes detailed instructions in SKILL.md for the agent to securely manage keypairs, including generating new identities, restoring from seed phrases, and using passphrases for encryption at rest. The bundle features security-conscious guidelines that instruct the agent to never log private keys and to warn users about deleting sensitive messages from chat history. No evidence of data exfiltration, malicious execution, or unauthorized access was found; the functionality is entirely aligned with the stated purpose of identity management.
能力评估
Purpose & Capability
The name/description (Nostr identity SDK) match the instructions and example code (keypair generation, signing, encryption, publishing to relays). Requiring pip to install the nostrkey Python package is appropriate for this purpose.
Instruction Scope
Runtime instructions are narrowly scoped to identity management: generate/restore keypairs, save an encrypted identity file, print the public key and seed phrase, and (in examples) publish to relays. These actions are expected for an identity SDK, but printing and instructing the operator to record the raw seed phrase (and asking the operator to paste seed phrases into chat during restore) are highly sensitive and require operator caution.
Install Mechanism
The SKILL.md and metadata.json declare a pip install of package 'nostrkey' (traceable to PyPI/GitHub), which is a reasonable install method for a Python SDK. However, the skill metadata above also said 'No install spec — instruction-only', creating an inconsistency about whether code will be fetched/installed. Installing arbitrary pip packages runs remote code and should be explicitly authorized and source-verified.
Credentials
The skill requires a single sensitive environment variable NOSTRKEY_PASSPHRASE (used to encrypt identity files), which is proportionate to the stated purpose. However the top-level summary earlier indicated 'Required env vars: none', conflicting with SKILL.md/metadata.json where NOSTRKEY_PASSPHRASE is required — this mismatch should be resolved before use. Also note the skill will cause the agent to output the seed phrase (sensitive) and writes identity files to the workspace.
Persistence & Privilege
always:false and no special system-wide configuration changes are requested. The skill writes identity files into the workspace (encrypted with the provided passphrase) and can publish to relays; these are expected behaviors and do not require elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nostrkey - 安装完成后,直接呼叫该 Skill 的名称或使用
/nostrkey触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.0
Security hardening: SecretStr, sanitized exceptions, input validation
v0.2.9
Add env vars to frontmatter, drop uv installer — testing scanner fix
v0.2.8
Entity-aware SKILL.md rewrite — awakening narrative, living with identity
v0.2.7
Inline setup
code in SKILL.md, declare NOSTRKEY_PASSPHRASE env var
v0.2.6
env var passphrase, no-ask signing
v0.2.5
post-setup guidance, npub recall, passphrase hygiene
v0.2.4
v0.2.4: support_skills, updated SKILL.md, README refresh
v0.2.3
v0.2.3: support_skills directory, updated SKILL.md, README refresh
v0.2.2
Docs: add seed phrase, backup card,
and token examples to README and SKILL.md.
v0.2.0
Security hardening: dropped C dependency, fixed NIP-44 interop, 15 security fixes, 49 tests
v0.1.3
Standardized SKILL.md template with quickstart, response format, common patterns, security, configuration, links
v0.1.2
Security hardening: HMAC-authenticated identity files, hex key validation, timing-safe comparisons, relay URL validation, WebSocket timeouts
v0.1.1
Initial ClawHub release — identity SDK for AI agents with examples
元数据
常见问题
nostrkey 是什么?
Cryptographic identity SDK for AI agents — generate Nostr keypairs, sign events, encrypt messages, BIP-39 seed phrases, portable backup tokens. 69 tests, zer... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 371 次。
如何安装 nostrkey?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nostrkey」即可一键安装,无需额外配置。
nostrkey 是免费的吗?
是的,nostrkey 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
nostrkey 支持哪些平台?
nostrkey 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 nostrkey?
由 vveerrgg(@vveerrgg)开发并维护,当前版本 v0.3.0。
推荐 Skills