Scan Report
5/100
nostr-profile
Nostr profile management for AI agents — publish, read, and update kind 0 metadata on any relay
Legitimate Nostr profile management skill with clear documentation, proper cryptographic identity handling, and network access consistent with its stated purpose.
Safe to install
No security concerns identified. The skill can be used safely.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:58 - Identity.load() reads identity file |
| Network | READ | READ | ✓ Aligned | SKILL.md:64-66 - WebSocket connections to Nostr relays, DiceBear API for avatars |
| Environment | READ | READ | ✓ Aligned | SKILL.md:58 - Reads NOSTRKEY_PASSPHRASE from environment |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:16-19 - pip install declared in requires.bins |
9 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://clawhub.ai/vveerrgg/nostrkey | SKILL.md:34 |
| Medium | External URL | https://api.dicebear.com/7.x/bottts/svg?seed= | SKILL.md:90 |
| Medium | External URL | https://api.dicebear.com/7.x/shapes/svg?seed= | SKILL.md:91 |
| Medium | External URL | https://njump.me/[npub | SKILL.md:114 |
| Medium | External URL | https://npub.bio/[npub | SKILL.md:115 |
| Medium | External URL | https://clawhub.ai/vveerrgg/sense-memory | SKILL.md:232 |
| Medium | External URL | https://clawhub.ai/vveerrgg/nostr-profile | SKILL.md:235 |
| Medium | External URL | https://huje.tools | metadata.json:8 |
| Info | Email | [email protected] | SKILL.md:200 |
File Tree
3 files · 12.1 KB · 327 lines
Markdown 1f · 239L
JSON 1f · 48L
Python 1f · 40L
├─ examples
│  └─ publish_profile.py (Python)
├─ metadata.json (JSON)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| nostr-profile | * | pip | No | Main package, version not specified |
| nostrkey | >=0.1.1 | pip | No | Dependency declared with minimum version |
Security Positives
✓ Clear, comprehensive documentation of all functionality
✓ Cryptographic operations properly scoped to identity management
✓ Security rules explicitly stated (never display nsec)
✓ HTTPS URL validation enforced
✓ No credential exfiltration - passphrase only used locally for decryption
✓ Network access directly tied to core Nostr protocol functionality
✓ Public key operations (reading profiles) documented as intentionally public
✓ No obfuscation, base64-encoded payloads, or suspicious patterns