ClawHub

Openclaw Nostr 2026.5.26.Tgz

Security checks across malware telemetry and agentic risk

Overview

This is an official OpenClaw Nostr messaging plugin whose sensitive behavior is expected for encrypted Nostr DMs, though users should handle the private key carefully.

Install only if you intend to run a Nostr DM channel. Prefer NOSTR_PRIVATE_KEY or a protected secret provider over --private-key or plaintext config, review the relay list you will connect to, and avoid dmPolicy=open unless you intentionally want unsolicited DMs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code reads the Nostr private key from configuration and then propagates it into returned account/config objects (`privateKey` and `config.privateKey`). This increases the secret's exposure surface to any downstream consumer, logger, serializer, UI layer, or plugin runtime component that handles account snapshots, making accidental disclosure or exfiltration more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The manifest declares use of a highly sensitive credential, `NOSTR_PRIVATE_KEY`, and also allows `privateKey` to be supplied directly, from files, or via exec-backed providers, but it provides no user-facing disclosure about how this secret is handled, stored, or protected. In a messaging plugin for Nostr, compromise or misuse of the private key would let an attacker impersonate the user, decrypt/sign messages on their behalf, and potentially cause irreversible identity loss within that account context.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The manifest enables outbound communication to arbitrary `relays` and describes encrypted DMs, but it does not warn users that messages, metadata, profile fields, and relay selections may be transmitted to third-party network endpoints. Even when message bodies are encrypted, traffic analysis, metadata leakage, misconfiguration of relay lists, or use of `dmPolicy` values like `open` can expose private interactions and increase the attack surface.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest explicitly encourages users to provide a private key via a CLI flag, but the description gives no constraints, safer alternatives, or warning that command-line arguments may be exposed through shell history, process listings, logs, or crash telemetry. In a plugin for encrypted direct messages, that secret is highly sensitive because compromise of the Nostr private key enables account impersonation and decryption/signing operations tied to the user identity.

Missing User Warnings

High
Confidence
97% confidence
Finding
Passing a Nostr private key on the command line is inherently risky because command arguments are commonly exposed to local users and software via shell history, process inspection tools, CI logs, and support bundles. In this specific skill context, the option directly handles the credential that controls the user's Nostr identity for NIP-04 DMs, so exposure can lead to full identity takeover and unauthorized encrypted messaging activity.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal