← 返回 Skills 市场

nostrsocial

Name: nostrsocial
Author: vveerrgg

作者 vveerrgg · GitHub ↗ · v0.1.3 · MIT-0

cross-platform ✓ 安全检测通过

246

总下载

当前安装

版本数

在 OpenClaw 中安装

/install nostrsocial

功能描述

Social awareness for AI entities — contacts, trust tiers, and identity verification over Nostr

安全使用建议

This skill appears to do what it claims, but take these precautions before installing: - Verify the package source: confirm the nostrsocial pip package matches the referenced GitHub repo (review the repository and recent releases) and that the package on PyPI (or your install source) is the legitimate project. - Resolve the install-method inconsistency: SKILL.md mentions an 'uv' install kind while metadata.json and the README show pip; prefer installing via pip only after verifying the package origin. - Never export or print private keys in production: the example calls export_secret() and prints it — treat that as a one-time secure backup flow only (copy into secure vault, do not stdout/log). Prefer using the NostrKey skill and encrypted storage rather than environment-binding NOSTR_NSEC. - Review network behavior in the package source: the skill will interact with Nostr relays (NOSTR_RELAY). Inspect the code for any unexpected network endpoints or telemetry before granting access. - Principle of least privilege: Keep NOSTR_NSEC and NOSTRKEY_PASSPHRASE protected (do not hardcode). If possible, use a secure secret manager and the suggested NostrKey skill for key handling. If you want higher confidence, request the package's PyPI URL and a link to the repository commit/tarball used for this release so you (or a reviewer) can inspect the published package contents and network calls.

功能分析

Type: OpenClaw Skill Name: nostrsocial Version: 0.1.3 The nostrsocial skill provides a framework for AI agents to manage social relationships and trust tiers using the Nostr protocol. It implements contact management, identity verification, and behavioral rules (e.g., token budgets and warmth) based on relationship depth. While it handles sensitive cryptographic keys (NOSTR_NSEC), the documentation in SKILL.md and metadata.json includes explicit warnings against exposure and follows a logical, documented purpose without evidence of malicious intent, exfiltration, or unauthorized execution.

能力评估

✓ Purpose & Capability

Name/description (Nostr social identity, contacts, trust tiers) align with declared dependencies (nostrkey) and optional environment variables (NOSTR_NSEC, NOSTR_RELAY, NOSTRKEY_PASSPHRASE). The examples and API surface in SKILL.md match the stated purpose.

ℹ Instruction Scope

Runtime instructions and examples stay within the skill's domain (creating an enclave, persisting relationship state, verifying identities). However, an example explicitly exports and prints a device secret (enclave.export_secret() followed by print), which is risky practice even though the docs warn to back it up securely; that example should not be used in production. File storage is limited to a user-level path (~/.entity/social.json) and the skill does not instruct reading unrelated system files or unrelated credentials.

ℹ Install Mechanism

Install is via a pip package (metadata.json and SKILL.md say pip install nostrsocial), but the SKILL.md's top-matter uses an 'uv' install kind (uv package: nostrsocial). This inconsistency is notable: 'uv' is uncommon compared to pip and should be verified. No downloads from arbitrary URLs or archives are present in the bundle; dependency on nostrkey is coherent.

✓ Credentials

Requested environment variables are appropriate and optional for a Nostr identity/relay client. Sensitive vars (NOSTR_NSEC, NOSTRKEY_PASSPHRASE) are declared and documented as sensitive. The skill does not request unrelated credentials or high-privilege system tokens.

✓ Persistence & Privilege

The skill does not request always:true or other elevated platform privileges. It persists data to a local user-specified file and recommends backing up a device secret; this is expected for an identity/contacts tool. Autonomous invocation is allowed (platform default) but not combined with other red flags.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install nostrsocial
安装完成后，直接呼叫该 Skill 的名称或使用 /nostrsocial 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.3

Security hardening: SecretStr, sanitized exceptions, input validation

v0.1.2

Entity-aware SKILL.md — relationships as a dimension of being

v0.1.1

Standardized SKILL.md template

v0.1.0

Initial release: contacts, trust tiers, proxy npubs, conversation evaluation, cross-channel recognition, guardrails

元数据

Slug nostrsocial

版本 0.1.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

nostrsocial 是什么？

Social awareness for AI entities — contacts, trust tiers, and identity verification over Nostr. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 246 次。

如何安装 nostrsocial？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install nostrsocial」即可一键安装，无需额外配置。

nostrsocial 是免费的吗？

是的，nostrsocial 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

nostrsocial 支持哪些平台？

nostrsocial 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 nostrsocial？

由 vveerrgg（@vveerrgg）开发并维护，当前版本 v0.1.3。