Plugin v0.1.1

ClawScan security

Nostr NIP-17 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 7:55 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
Code, config, and runtime instructions are consistent with a Nostr DM channel plugin; it needs access to Nostr private keys and registers a gateway HTTP handler to manage profiles, which is expected for this functionality.
Guidance
This plugin appears to do what it says: run a Nostr DM channel, handle NIP-04/NIP-17, and manage per-account profiles. Before installing:
1. Only supply private keys you intend the plugin to control (the plugin reads keys from channel/plugin config and examples use env vars like NOSTR_PRIVATE_KEY).
2. Note the plugin registers a gateway HTTP route that can read relays and write the profile into your channels.nostr config. That requires trusted-operator privileges, so install only from a source you trust (verify the npm/ClawHub package and repository).
3. If you plan to use per-account env vars (e.g., NOSTR_INK_PRIVATE_KEY), be explicit about where you set them; they are not enumerated in the plugin metadata.
4. If you want extra assurance, review the included source files (particularly code that calls runtime.config.writeConfigFile and the HTTP handler) to confirm no unexpected config keys are being modified.

Review Dimensions

Purpose & Capability
ok · The package is a Nostr DM plugin (NIP-04 and NIP-17) and the code uses nostr-tools and noble hashes to implement encryption, relay subscriptions, sending and receiving DMs, profile import/publish, and multi-account support. Declared dependencies and included files align with the described purpose; nothing requested by the package is unrelated to operating a Nostr channel.
Instruction Scope
note · SKILL.md and code operate within the stated domain: reading plugin/channel config, subscribing to relays, decrypting/unwrapping DMs, sending DMs, and updating account profile data. The plugin registers an HTTP route (/api/channels/nostr/*) that can import profiles and save the profile into channels.nostr via runtime.config.writeConfigFile. This is within the plugin's stated feature set but is a privileged action (see Persistence & Privilege).
Install Mechanism
ok · No remote download/extract install spec is present; package.json shows standard npm packaging with dependencies on nostr-tools and @noble/hashes, which are appropriate and expected. There are no suspicious external URLs or archive extracts in the manifest.
Credentials
note · The plugin requires access to Nostr private keys (examples use ${NOSTR_PRIVATE_KEY} and per-account variables like ${NOSTR_INK_PRIVATE_KEY}). openclaw.plugin.json declares nostr channelEnvVars: ["NOSTR_PRIVATE_KEY"], which is appropriate. However, SKILL.md examples show additional per-account env var names (e.g., NOSTR_INK_PRIVATE_KEY) that are not declared in plugin metadata; administrators should ensure they understand where account private keys will be supplied and stored. No unrelated secrets or external credentials are requested.
Persistence & Privilege
note · The plugin registers a gateway HTTP route with auth 'gateway' and gatewayRuntimeScopeSurface 'trusted-operator' and uses runtime.config.writeConfigFile to persist profile data into the host config (channels.nostr.profile). This elevated gateway scope is consistent with the plugin's profile-import/save feature but is a privileged capability; install only if you trust the plugin and operator environment.