Scan report
5/100
nostr-profile
Nostr profile management for AI agents — publish, read, and update kind 0 metadata on any relay
Legitimate Nostr profile management skill with clear documentation, proper cryptographic identity handling, and network access consistent with its stated purpose.
OK to install
No security concerns identified. The skill can be used safely.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | SKILL.md:58 - Identity.load() reads identity file |
| Network access | READ | READ | ✓ Consistent | SKILL.md:64-66 - WebSocket connections to Nostr relays, DiceBear API for avatars |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md:58 - Reads NOSTRKEY_PASSPHRASE from environment |
| Command execution | WRITE | WRITE | ✓ Consistent | SKILL.md:16-19 - pip install declared in requires.bins |
9 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://clawhub.ai/vveerrgg/nostrkey | SKILL.md:34 |
| Medium | External URL | https://api.dicebear.com/7.x/bottts/svg?seed= | SKILL.md:90 |
| Medium | External URL | https://api.dicebear.com/7.x/shapes/svg?seed= | SKILL.md:91 |
| Medium | External URL | https://njump.me/[npub | SKILL.md:114 |
| Medium | External URL | https://npub.bio/[npub | SKILL.md:115 |
| Medium | External URL | https://clawhub.ai/vveerrgg/sense-memory | SKILL.md:232 |
| Medium | External URL | https://clawhub.ai/vveerrgg/nostr-profile | SKILL.md:235 |
| Medium | External URL | https://huje.tools | metadata.json:8 |
| Info | Email address | [email protected] | SKILL.md:200 |
Directory structure
3 files · 12.1 KB · 327 lines
Markdown 1f · 239L
JSON 1f · 48L
Python 1f · 40L
├─ examples
│ └─ publish_profile.py (Python)
├─ metadata.json (JSON)
└─ SKILL.md (Markdown)
Dependency analysis: 2 items
| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| nostr-profile | * | pip | No | Main package, version not specified |
| nostrkey | >=0.1.1 | pip | No | Dependency declared with minimum version |
Security highlights
✓ Clear, comprehensive documentation of all functionality
✓ Cryptographic operations properly scoped to identity management
✓ Security rules explicitly stated (never display nsec)
✓ HTTPS URL validation enforced
✓ No credential exfiltration - passphrase only used locally for decryption
✓ Network access directly tied to core Nostr protocol functionality
✓ Public key operations (reading profiles) documented as intentionally public
✓ No obfuscation, base64-encoded payloads, or suspicious patterns