Latest release: v2026.5.28
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
The package consistently implements a Nostr NIP-04 direct-message channel, including relay connectivity, encrypted DM send/receive, sender policy checks, and optional Nostr profile publishing.
Instruction Scope
Runtime behavior is scoped to Nostr channel setup, messaging, pairing/allowlist policy, and profile operations; no hidden prompt manipulation, unrelated command execution, or deceptive instructions were found.
Install Mechanism
The artifact is a normal @openclaw npm-pack style plugin with shrinkwrapped dependencies and no install scripts or automatic privileged installation behavior identified.
Credentials
Use of Nostr relays, local gateway APIs, and a Nostr private key is proportionate to the channel purpose; profile mutation routes are protected by gateway auth, operator.admin scope, loopback checks, validation, and rate limiting.
Persistence & Privilege
The plugin can persist a directly supplied Nostr private key in configuration and writes local state files for processed events/profile publish state; this is purpose-aligned but sensitive.
Scan Findings in Context
[SQP-2] expected: Confirmed: setup can write a provided privateKey value into channel configuration. This is sensitive, but it is disclosed by the config surface and directly supports Nostr signing/decryption; no evidence showed exfiltration or deceptive use.
Assessment
Prefer using NOSTR_PRIVATE_KEY or another secret reference instead of placing the raw key in config. Use a dedicated Nostr key for the bot, protect backups and support bundles that may include configuration, and rotate the key if local config is exposed.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- dist/channel-UK7t4qb8.js:1194: File appears to expose a hardcoded API secret or token.
- dist/config-schema-DIiXiBKr.js:52: File appears to expose a hardcoded API secret or token.
- dist/setup-adapter-DEU3o8MF.js:45: File appears to expose a hardcoded API secret or token.
- dist/setup-surface-CVEYWXAG.js:88: File appears to expose a hardcoded API secret or token.
@openclaw/nostr
Nostr DM channel plugin for OpenClaw using NIP-04 encrypted direct messages.
Overview
This extension adds Nostr as a messaging channel to OpenClaw. It enables your bot to:
- Receive encrypted DMs from Nostr users
- Send encrypted responses back
- Work with any NIP-04 compatible Nostr client (Damus, Amethyst, etc.)
Installation
```bash
openclaw plugins install @openclaw/nostr
```
Quick Setup
- Generate a Nostr keypair (if you don't have one):

```bash
# Using nak CLI
nak key generate
# Or use any Nostr key generator
```

- Add to your config:

```json
{
  "channels": {
    "nostr": {
      "privateKey": "${NOSTR_PRIVATE_KEY}",
      "relays": ["wss://relay.damus.io", "wss://nos.lol"]
    }
  }
}
```

- Set the environment variable:

```bash
export NOSTR_PRIVATE_KEY="nsec1..."  # or hex format
```

- Restart the gateway
Configuration
| Key | Type | Default | Description |
|---|---|---|---|
| `privateKey` | string | required | Bot's private key (nsec or hex format) |
| `relays` | string[] | `["wss://relay.damus.io", "wss://nos.lol"]` | WebSocket relay URLs |
| `dmPolicy` | string | `"pairing"` | Access control: `pairing`, `allowlist`, `open`, `disabled` |
| `allowFrom` | string[] | `[]` | Allowed sender pubkeys (npub or hex) |
| `enabled` | boolean | `true` | Enable/disable the channel |
| `name` | string | - | Display name for the account |
Access Control
DM Policies
- `pairing` (default): Unknown senders receive a pairing code to request access
- `allowlist`: Only pubkeys in `allowFrom` can message the bot
- `open`: Anyone can message the bot (use with caution)
- `disabled`: DMs are disabled
Inbound event signatures are verified before policy enforcement and NIP-04 decryption.
Unknown senders in pairing mode can receive a pairing reply, but their original DM body is not
processed unless approved.
Example: Allowlist Mode
```json
{
  "channels": {
    "nostr": {
      "privateKey": "${NOSTR_PRIVATE_KEY}",
      "dmPolicy": "allowlist",
      "allowFrom": ["npub1abc...", "0123456789abcdef..."]
    }
  }
}
```
Testing
Local Relay (Recommended)
```bash
# Using strfry
docker run -p 7777:7777 ghcr.io/hoytech/strfry
```

Configure openclaw to use the local relay:

```json
"relays": ["ws://localhost:7777"]
```
Manual Test
- Start the gateway with Nostr configured
- Open Damus, Amethyst, or another Nostr client
- Send a DM to your bot's npub
- Verify the bot responds
Protocol Support
| NIP | Status | Notes |
|---|---|---|
| NIP-01 | Supported | Basic event structure |
| NIP-04 | Supported | Encrypted DMs (kind:4) |
| NIP-17 | Planned | Gift-wrapped DMs (v2) |
Security Notes
- Private keys are never logged
- Event signatures are verified before processing
- Sender policy is checked before expensive crypto work
- Inbound DMs are rate-limited and oversized payloads are dropped before decrypt
- Use environment variables for keys, never commit to config files
- Consider using `allowlist` mode in production
Troubleshooting
Bot not receiving messages
- Verify private key is correctly configured
- Check relay connectivity
- Ensure `enabled` is not set to `false`
- Check the bot's public key matches what you're sending to
Messages not being delivered
- Check relay URLs are correct (must use `wss://`)
- Verify relays are online and accepting connections
- Check for rate limiting (reduce message frequency)
License
MIT
