nostr-logging-system
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a setup script that interacts with the local file system via the `fs` module to read and write a `.env` file, ensuring the persistence of the generated Nostr identity key (NOSTR_NSEC) across sessions.
- [DATA_EXFILTRATION]: The core functionality of the skill involves transmitting data to external Nostr relays (e.g., `wss://relay.damus.io`). While this constitutes external data transfer, it is the primary stated purpose of the logging transport system.
- [PROMPT_INJECTION]: The skill presents an attack surface for Indirect Prompt Injection as it ingests untrusted data in the `message` and `context` fields without explicit boundary markers or sanitization in the code. This is mitigated by best-practice documentation recommending redaction and the use of private messaging for sensitive data.
- [CREDENTIALS_UNSAFE]: The skill provides placeholders and a generation utility for Nostr keys (`nsec`/`npub`). No hardcoded secrets or sensitive credentials belonging to the author are present in the code.