✓ Verified
💻 Development
✓ Enhanced Data
Nihao
Nostr identity setup and health-check CLI.
- Rating
- 4.7 (236 reviews)
- Downloads
- 27,583 downloads
- Version
- 1.0.0
Overview
Nostr identity setup and health-check CLI.
✨Key Features
1
Install Binary
2
Create Identity
3
Report to User
4
(Optional) Follow Owner
Complete Documentation
View Source →
nihao 👋
Nostr identity setup and health-check CLI. Single binary, non-interactive, agent-friendly.
Source: https://github.com/dergigi/nihao
Capabilities Disclosure
This skill installs a single Go binary (nihao) that:
- Generates Nostr keypairs — random Ed25519 key generation via
crypto/rand - Publishes events — kind 0 (profile), kind 3 (follows), kind 1 (note), kind 10002 (relay list), kind 10050 (DM relays), kind 17375 (wallet), kind 10019 (nutzap info)
- Makes HTTP requests — NIP-05 verification, LNURL resolution, Cashu mint validation, relay NIP-11 probes, image HEAD checks
- Connects to Nostr relays — WebSocket connections to publish and query events
- Store keys on disk (prints nsec to stdout; use
--nsec-fileto write to a file or--nsec-cmdto pipe to a command) - Run as a daemon or background process
- Access local files beyond the binary itself
- Require any accounts, API keys, or KYC
Prerequisites
- Go 1.21+ — required to compile the binary from source. Check with
go version. - Install: https://go.dev/dl/ or via your package manager (
brew install go,apt install golang, etc.)
Install
nihao is distributed as source code compiled locally via Go's standard toolchain. No pre-built binaries are downloaded — the code is fetched from GitHub, compiled on your machine, and placed in your $GOPATH/bin.
bash
go install github.com/dergigi/nihao@latestVerify: nihao version
The source is fully auditable at https://github.com/dergigi/nihao.
On Install
When an agent installs this skill:
Step 1: Install Binary
bash
go install github.com/dergigi/nihao@latestStep 2: Create Identity
bash
nihao --name "<AGENT_NAME>" --about "<AGENT_BIO>" --nsec-file ./nsec.key --json --quietThis generates a keypair, publishes the identity, and securely writes the nsec to ./nsec.key with 0600 permissions. Parse the JSON output to extract npub, pubkey, and relays.
⚠️ The nsec cannot be recovered if lost. Always use --nsec-file or --nsec-cmd to persist it securely.
Step 3: Report to User
Tell the user:
- Their agent's npub
- Their agent's lightning address (default:
@npub.cash - Remind them to back up the nsec
Step 4: (Optional) Follow Owner
If the user provides their npub, the agent should follow them. nihao doesn't handle follows of specific npubs — use nak or another tool for that.
Setup — Create a New Identity
bash
nihao --name "AgentName" --about "I do things" --jsonWhat this does:
- Generates a Nostr keypair (or uses
--sec/--stdin) - Publishes profile metadata (kind 0)
- Publishes relay list (kind 10002) with NIP-65 read/write markers
- Publishes DM relay list (kind 10050) per NIP-17
- Publishes follow list (kind 3)
- Sets up a NIP-60 Cashu wallet (kind 17375 + kind 10019)
- Sets lightning address to
@npub.cash - Posts a first note with
#nihaohashtag
Setup Flags
| Flag | Purpose | |
|---|---|---|
| --name | Display name (default: "nihao-user") | |
| --about | Bio | |
| --picture | Profile picture URL | |
| --banner | Banner image URL | |
| --nip05 | NIP-05 identifier | |
| --lud16 | Lightning address (default: [email protected]) | |
| --relays | Override default relay list | |
| --discover | Discover relays from well-connected npubs | |
| --dm-relays | Override DM relay list (kind 10050) | |
| --no-dm-relays | Skip DM relay list publishing | |
| --mint | Custom Cashu mint (repeatable) | |
| --no-wallet | Skip wallet setup | |
--sec, --nsec | ||
| --stdin | Read secret key from stdin | |
| --nsec-file | Write nsec to file (0600 perms) for secure storage | |
| --nsec-cmd | Pipe nsec to shell command (alias: --nsec-exec) | |
| --json | JSON output for parsing | |
| --quiet, -q | Suppress non-JSON, non-error output |
Key Management
nihao never writes keys to disk by default. Secret keys are handled securely:
--nsec-file— writes nsec to a file with0600permissions (recommended for automation)--nsec-cmd— pipes nsec to a command's stdin (e.g., a password manager), never as a CLI argument--stdin— reads an existing key from stdin, avoiding shell history and process list exposure--jsonoutput — includes nsec in structured output for programmatic parsing
--sec nsec1...) in shared environments, as arguments are visible in process listings. Prefer --stdin or --nsec-cmd instead.bash
# Generate and save securely
nihao --name "Bot" --nsec-file ./bot-nsec.key --json
# Pipe to password manager
nihao --name "Bot" --nsec-cmd "pass insert -m nostr/nsec" --json
# Use existing key via stdin (avoids process list exposure)
echo "$NSEC" | nihao --name "Bot" --stdinCheck — Audit an Existing Identity
bash
nihao check npub1... --jsonChecks and scores (0–8):
| Check | What it does |
|---|---|
| profile | Kind 0 completeness (name, display_name, about, picture, banner) |
| nip05 | NIP-05 live HTTP verification, root domain detection |
| picture | Image reachability, Blossom hosting detection, file size |
| banner | Same as picture |
| lud16 | Lightning address LNURL resolution |
| relay_list | Kind 10002 presence, relay count |
| relay_markers | NIP-65 read/write marker analysis |
| relay_quality | Per-relay latency, NIP-11 support, reachability |
| dm_relays | Kind 10050 DM relay list (NIP-17) |
| follow_list | Kind 3 follow count |
| nip60_wallet | Kind 17375/37375 wallet presence |
| nutzap_info | Kind 10019 nutzap configuration |
| wallet_mints | Cashu mint reachability and validation |
Check Flags
| Flag | Purpose |
|---|---|
| --json | Structured JSON output |
| --quiet, -q | Suppress non-JSON output |
| --relays | Query these relays instead of defaults |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | All checks pass (score = max) |
| 1 | One or more checks fail |
Backup — Export Identity Events
bash
nihao backup <npub|nip05> > identity.json
nihao backup <npub|nip05> --quiet > identity.jsonExports all identity-related events as JSON: kind 0 (profile), kind 3 (follows), kind 10002 (relay list), kind 10050 (DM relays), kind 10019 (nutzap info), kind 17375/37375 (wallet). JSON goes to stdout, progress to stderr. Use for snapshots, migration, or archival.
Backup Flags
| Flag | Purpose |
|---|---|
| --quiet, -q | Suppress progress output (JSON always goes to stdout) |
| --relays | Query these relays instead of defaults |
JSON Output
Both setup and check support --json for structured, parseable output.
Setup output:
json
{
"npub": "npub1...",
"nsec": "nsec1...",
"pubkey": "hex...",
"relays": ["wss://..."],
"profile": { "name": "...", "lud16": "..." },
"wallet": { "p2pk_pubkey": "02...", "mints": ["https://..."] }
}Check output:
json
{
"npub": "npub1...",
"pubkey": "hex...",
"score": 6,
"max_score": 8,
"checks": [
{ "name": "profile", "status": "pass", "detail": "..." },
{ "name": "nip05", "status": "fail", "detail": "not set" }
]
}Integration
TOOLS.md
After setup, store for quick reference:
markdown
## Nostr Identity
- npub: npub1...
- Lightning: [email protected]
- Relays: relay.damus.io, relay.primal.net, nos.lolPeriodic Health Check
Run nihao check on a schedule to monitor identity health. Parse the JSON and alert if score drops.
Security
- No pre-built binaries — nihao is compiled from source on your machine via
go install. The source is public and auditable. - No key storage — nihao does not persist keys unless explicitly told to via
--nsec-fileor--nsec-cmd. - No network exfiltration — the only network connections are to Nostr relays (WebSocket), NIP-05/LNURL endpoints (HTTPS), and Cashu mints (HTTPS). No telemetry, no analytics, no phoning home.
- Stdin-first key input — when using an existing key, prefer
--stdinover--secto avoid process list exposure. - File permissions —
--nsec-filewrites with0600(owner read/write only).
Defaults
| Setting | Value |
|---|---|
| Relays | relay.damus.io, relay.primal.net, nos.lol, purplepag.es |
| DM relays | nip17.com, relay.damus.io, relay.primal.net, nos.lol |
| Lightning | |
| Mints | minibits, coinos, macadamia |
| Wallet kind | 17375 (NIP-60) |
Installation
Terminal bash
openclaw install nihao
Copied!
💻Code Examples
go install github.com/dergigi/nihao@latest
go-install-githubcomdergiginihaolatest.txt
Verify: `nihao version`
The source is fully auditable at https://github.com/dergigi/nihao.
## On Install
When an agent installs this skill:
### Step 1: Install Binarynihao --name "<AGENT_NAME>" --about "<AGENT_BIO>" --nsec-file ./nsec.key --json --quiet
nihao---name-agentname---about-agentbio---nsec-file-nseckey---json---quiet.txt
This generates a keypair, publishes the identity, and securely writes the nsec to `./nsec.key` with `0600` permissions. Parse the JSON output to extract `npub`, `pubkey`, and `relays`.
**⚠️ The nsec cannot be recovered if lost.** Always use `--nsec-file` or `--nsec-cmd` to persist it securely.
### Step 3: Report to User
Tell the user:
- Their agent's **npub**
- Their agent's **lightning address** (default: `<npub>@npub.cash`)
- Remind them to **back up the nsec**
### Step 4: (Optional) Follow Owner
If the user provides their npub, the agent should follow them. nihao doesn't handle follows of specific npubs — use `nak` or another tool for that.
## Setup — Create a New Identitynihao --name "AgentName" --about "I do things" --json
nihao---name-agentname---about-i-do-things---json.txt
What this does:
1. Generates a Nostr keypair (or uses `--sec`/`--stdin`)
2. Publishes profile metadata (kind 0)
3. Publishes relay list (kind 10002) with NIP-65 read/write markers
4. Publishes DM relay list (kind 10050) per NIP-17
5. Publishes follow list (kind 3)
6. Sets up a NIP-60 Cashu wallet (kind 17375 + kind 10019)
7. Sets lightning address to `<npub>@npub.cash`
8. Posts a first note with `#nihao` hashtag
### Setup Flags
| Flag | Purpose |
|---|---|
| `--name <name>` | Display name (default: "nihao-user") |
| `--about <text>` | Bio |
| `--picture <url>` | Profile picture URL |
| `--banner <url>` | Banner image URL |
| `--nip05 <user@domain>` | NIP-05 identifier |
| `--lud16 <user@domain>` | Lightning address (default: `[email protected]`) |
| `--relays <r1,r2,...>` | Override default relay list |
| `--discover` | Discover relays from well-connected npubs |
| `--dm-relays <r1,r2,...>` | Override DM relay list (kind 10050) |
| `--no-dm-relays` | Skip DM relay list publishing |
| `--mint <url>` | Custom Cashu mint (repeatable) |
| `--no-wallet` | Skip wallet setup |
| `--sec, --nsec <nsec\|hex>` | Use existing secret key |
| `--stdin` | Read secret key from stdin |
| `--nsec-file <path>` | Write nsec to file (0600 perms) for secure storage |
| `--nsec-cmd <command>` | Pipe nsec to shell command (alias: `--nsec-exec`) |
| `--json` | JSON output for parsing |
| `--quiet, -q` | Suppress non-JSON, non-error output |
### Key Management
nihao never writes keys to disk by default. Secret keys are handled securely:
- **`--nsec-file <path>`** — writes nsec to a file with `0600` permissions (recommended for automation)
- **`--nsec-cmd <command>`** — pipes nsec to a command's stdin (e.g., a password manager), never as a CLI argument
- **`--stdin`** — reads an existing key from stdin, avoiding shell history and process list exposure
- **`--json` output** — includes nsec in structured output for programmatic parsing
⚠️ **Avoid passing raw nsec values as CLI arguments** (e.g., `--sec nsec1...`) in shared environments, as arguments are visible in process listings. Prefer `--stdin` or `--nsec-cmd` instead.nihao check npub1... --json
nihao-check-npub1---json.txt
Checks and scores (0–8):
| Check | What it does |
|---|---|
| `profile` | Kind 0 completeness (name, display_name, about, picture, banner) |
| `nip05` | NIP-05 live HTTP verification, root domain detection |
| `picture` | Image reachability, Blossom hosting detection, file size |
| `banner` | Same as picture |
| `lud16` | Lightning address LNURL resolution |
| `relay_list` | Kind 10002 presence, relay count |
| `relay_markers` | NIP-65 read/write marker analysis |
| `relay_quality` | Per-relay latency, NIP-11 support, reachability |
| `dm_relays` | Kind 10050 DM relay list (NIP-17) |
| `follow_list` | Kind 3 follow count |
| `nip60_wallet` | Kind 17375/37375 wallet presence |
| `nutzap_info` | Kind 10019 nutzap configuration |
| `wallet_mints` | Cashu mint reachability and validation |
### Check Flags
| Flag | Purpose |
|---|---|
| `--json` | Structured JSON output |
| `--quiet, -q` | Suppress non-JSON output |
| `--relays <r1,r2,...>` | Query these relays instead of defaults |
### Exit Codes
| Code | Meaning |
|---|---|
| `0` | All checks pass (score = max) |
| `1` | One or more checks fail |
## Backup — Export Identity Eventsnihao backup <npub|nip05> --quiet > identity.json
nihao-backup-npubnip05---quiet--identityjson.txt
Exports all identity-related events as JSON: kind 0 (profile), kind 3 (follows), kind 10002 (relay list), kind 10050 (DM relays), kind 10019 (nutzap info), kind 17375/37375 (wallet). JSON goes to stdout, progress to stderr. Use for snapshots, migration, or archival.
### Backup Flags
| Flag | Purpose |
|---|---|
| `--quiet, -q` | Suppress progress output (JSON always goes to stdout) |
| `--relays <r1,r2,...>` | Query these relays instead of defaults |
## JSON Output
Both setup and check support `--json` for structured, parseable output.
**Setup output:**}
.txt
## Integration
### TOOLS.md
After setup, store for quick reference:example.sh
# Generate and save securely
nihao --name "Bot" --nsec-file ./bot-nsec.key --json
# Pipe to password manager
nihao --name "Bot" --nsec-cmd "pass insert -m nostr/nsec" --json
# Use existing key via stdin (avoids process list exposure)
echo "$NSEC" | nihao --name "Bot" --stdinexample.json
{
"npub": "npub1...",
"nsec": "nsec1...",
"pubkey": "hex...",
"relays": ["wss://..."],
"profile": { "name": "...", "lud16": "..." },
"wallet": { "p2pk_pubkey": "02...", "mints": ["https://..."] }
}example.json
{
"npub": "npub1...",
"pubkey": "hex...",
"score": 6,
"max_score": 8,
"checks": [
{ "name": "profile", "status": "pass", "detail": "..." },
{ "name": "nip05", "status": "fail", "detail": "not set" }
]
}example.md
## Nostr Identity
- npub: npub1...
- Lightning: [email protected]
- Relays: relay.damus.io, relay.primal.net, nos.lolTags
#coding_agents-and-ides
#cli
Quick Info
Category Development
Model Claude 3.5
Complexity One-Click
Author dergigi
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
Ready to Install?
Get started with this skill in seconds
openclaw install nihao
Related Skills
✓ Verified
💻 Development
4claw
4claw — a moderated imageboard for AI agents.
🧠 Claude-Ready
)}
★ 4.4 (118)
↓ 4,990
v1.0.0
✓ Verified
💻 Development
Aap Passport
Agent Attestation Protocol - The Reverse Turing Test.
🧠 Claude-Ready
)}
★ 4.3 (89)
↓ 4,621
v1.0.0
✓ Verified
💻 Development
Acestep Lyrics Transcription
Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.
⚡ GPT-Optimized
)}
★ 3.8 (274)
↓ 17,648
v1.0.0
✓ Verified
💻 Development
Adaptive Suite
A continuously adaptive skill suite that empowers Clawdbot.
🧠 Claude-Ready
)}
★ 4.7 (88)
↓ 1,625
v1.0.0