Delv
CommunityAbandoned· 1.4y4.3by Abdel Bakhta

Nostr MCP

Posts notes and interacts with the Nostr decentralised protocol across configurable relays.

View repo
C
Safety & Trust

Delv Safety Grade: C

Score 58/100 · assessed 2026-04-28

Maintainer45
Permissions60
Supply chain65
Transparency70
Incidents100

Nostr MCP is a community-maintained bridge to the decentralised Nostr protocol, authored by solo developer Abdel Bakhta. The server posts notes and reads feeds across configurable relays using a private key you supply via environment variable. Permissions are moderately scoped: it handles identity operations (signing with your private key) and network communication to Nostr relays, but doesn't touch filesystem or shell. The npm package exists and follows standard distribution, though the solo maintainer and relatively niche protocol create bus factor concerns. No known security incidents, but requiring a private key in plaintext environment variables is inherently sensitive. The repository is open source with reasonable documentation. Transparency is adequate but maintenance activity appears light. Suitable for users who already understand Nostr key management and accept the risks of exposing signing keys to MCP tooling.

Lethal Trifecta (prompt-injection exposure)

TRIFECTA RISK
All three axes present. This server can read private data, ingest attacker-controlled content, and send data outbound. A poisoned input (a GitHub issue, an email, a webpage) can exfiltrate secrets via this chain. Only install with auditing; avoid on shared or cloud agents.
Private dataYes
Reads secrets, credentials, private files
Untrusted inputYes
Ingests web pages, PRs, issues, emails
External commsYes
Can send data outbound

Public-by-design, but the relay model means the agent ingests notes from anyone. Same trifecta as Twitter.

Green flags

  • Open source with visible repository and clear purpose
  • Standard npm distribution via @smithery registry
  • No filesystem or shell access, network-only scope
  • No known security incidents or malicious versions
  • Decentralised protocol reduces single-point-of-failure risk

Red flags

  • Requires private key in env var, high-value credential exposure
  • Solo maintainer with limited GitHub activity, bus factor risk
  • Niche protocol with smaller security review surface
  • Identity signing operations carry irreversible consequences

Permissions requested

Outbound networkAccess secretsIdentity writeSend messagesRead messages
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @smithery/cli install @AbdelStark/nostr-mcp --client claude
Env vars needed: NOSTR_PRIVATE_KEY

Review

Nostr MCP bridges Claude to the Nostr protocol, a decentralised social network that runs on relays instead of corporate servers. You can post notes, read feeds, and test relay connections without leaving your Claude session. The setup requires a Nostr private key, which you generate yourself or import from an existing Nostr identity. Once configured, you point it at whichever relays you trust and start posting. I'd reach for this when I'm already working in Claude and want to share a thought or code snippet to Nostr without context-switching to a dedicated client. The censorship-resistant angle is real: your notes propagate across multiple relays, so no single entity can delete them. The Lightning zap integration is a nice touch if you're already in the Bitcoin ecosystem, though it's not the main draw for most workflows. The quirks are typical of early Nostr tooling. You're managing private keys in environment variables, which means you need to trust your local setup. There's no hand-holding around relay selection, so you'll want to know which relays are fast and reliable before you configure them. The MCP doesn't abstract away Nostr's rough edges, it just makes them accessible from Claude. If you've never used Nostr before, this isn't the gentlest introduction. Reading feeds works, but you're limited to what the configured relays serve. If you follow accounts on relays you haven't added, you won't see their posts. Testing relay connectivity is genuinely useful if you're debugging Nostr infrastructure or evaluating new relays. The tool does what it claims without pretending to be more than a protocol bridge. Skip this if you're not already Nostr-curious or don't have a workflow that benefits from posting directly from Claude. The value is in convenience for people who already live in both ecosystems, not in making Nostr suddenly compelling if you've never cared about decentralised social protocols.
Verdict

Install if you're an active Nostr user who works in Claude and wants to post or read without switching apps. Skip if you're new to Nostr or don't have a specific use case that justifies managing private keys in your environment. The tool is competent but assumes you already understand the protocol.

Good at

  • Direct Nostr posting from Claude without app-switching, genuinely useful if you're already active on the protocol.
  • Configurable relay selection means you control where your notes propagate and which feeds you read.
  • Lightning zap integration works if you're in the Bitcoin ecosystem and want to send or receive payments alongside notes.
  • Censorship-resistant by design, your notes persist across multiple relays with no central point of failure.

Watch out

  • Requires managing a Nostr private key in environment variables, which adds security overhead to your local setup.
  • No relay discovery or recommendations, you need to know which relays to configure before you start.
  • Feed reading is limited to the relays you've added, so you'll miss posts from accounts on other relays.
  • Assumes familiarity with Nostr conventions and doesn't guide newcomers through protocol quirks.

Use cases

  • censorship-resistant posting
  • Nostr feed reading
  • relay testing
  • Lightning zap integrations

Getting started

1. Generate a Nostr private key using a tool like nak or import one from an existing Nostr client, then add it to your environment as NOSTR_PRIVATE_KEY. 2. Run `npx -y @smithery/cli install @AbdelStark/nostr-mcp --client claude` to install the server. 3. Add the server to your Claude Desktop config, specifying your preferred relays in the configuration object (check the repo for relay list formatting). 4. Restart Claude Desktop and verify the server appears in your MCP list, then try posting a test note to confirm relay connectivity. 5. Watch out for relay timeouts if you've configured slow or unreliable relays, as this will block the MCP's responses until they time out.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs