casualsecurityinc/nano-verify-message
skills/nano-verify-message/SKILL.md
Verify an off-chain message signature (NOMS / ORIS-001 standard) against a Nano (XNO) address or public key. Use this skill whenever the user presents a signed message and wants to verify its authenticity, needs to confirm someone owns a Nano address, or asks 'is this signature valid?' — even if they just say 'check this proof' or 'did they really sign this?'
$ install --global
skillsauthnpx skillsauth add casualsecurityinc/xno-skills nano-verify-messageInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 4, 2026, 3:06 AM176.6s1 file scanned
SKILL.md
- name:
- nano-verify-message
- description:
- Verify an off-chain message signature (NOMS / ORIS-001 standard) against a Nano (XNO) address or public key. Use this skill whenever the user presents a signed message and wants to verify its authenticity, needs to confirm someone owns a Nano address, or asks 'is this signature valid?' — even if they just say 'check this proof' or 'did they really sign this?
nano-verify-message
CLI Execution Priority: Do not assume
xno-skillsis installed globally. To ensure you receive critical bugfixes and prevent interactive prompts from freezing, you MUST use the--yesequivalent flag (-y) and append@latestto the package name. Always use the following order of priority:
bunx -y xno-skills@latest <command>pnpm dlx xno-skills@latest <command>npx -y xno-skills@latest <command>For Nano actions, prefer MCP tools first, then
xno-skillsCLI verbs. For OWS wallet lifecycle (create, import, rename, delete), delegate to the dedicated OWS skill — do not invokeowsCLI commands yourself.Example:
bunx -y xno-skills@latest walletsorbunx -y xno-skills@latest rpc account-balance <address>
Safety & Best Practices:
- State Verification: Always verify an account's state (balance and frontier) via RPC before manually building a block. Do not hallucinate previous hashes.
- Command Discovery: Always use
--help(e.g.,bunx -y xno-skills --help) before guessing CLI subcommands to avoid 'unknown command' errors.- Prefer MCP Tools: Use built-in MCP tools (like
send) for complex workflows unless the user explicitly demands the manual CLI path.- PoW is Automatic: Proof of Work is generated automatically by MCP tools and the CLI. Never attempt to generate or supply PoW manually.
- Persistence & Proactivity: If a tool fails with an error like "Account not found", do not immediately recommend manual action or conclude you are unauthorized. Troubleshoot the protocol state (e.g., check for pending funds) and use the correct tool for that state (e.g.,
receiveto open an account).- No Custom Scripts: NEVER write custom Node.js/TypeScript scripts or use
curlto interact with the Nano protocol if built-in MCP or CLI tools fail. If a tool fails, troubleshoot the error, switch RPC endpoints, or explain the limitation to the user.- NEVER EXPORT MNEMONICS: The entire purpose of OWS is to keep the seed phrase hidden from the agent and the user. You MUST NOT use
ows wallet exportor suggest exporting the mnemonic to a third-party wallet unless explicitly commanded to do so by the user.- Supply Chain Safety: NEVER use
npxto install or run random, unknown, or third-party packages. Only use the approved tools provided in this project (xno-skills@latestand@open-wallet-standard/core). If a task cannot be performed with these tools, do not seek external npm packages as a workaround.
Verify an off-chain message signature (NOMS / ORIS-001 standard) against a Nano address or public key.
Usage
Use this skill when you are presented with a signature and a message from a user or another agent and need to verify their identity or the integrity of the message.
Verify a signature
To verify a signature, call the verify_message tool:
{
"name": "verify_message",
"arguments": {
"address": "nano_1hfrig58wzrg4pzqen17cyannpy1173oi7jz7zd6srjsqjh7ozcgec9uyo9n",
"message": "I am me.",
"signature": "3de8620fb30967916d3dc36cd09eba9a633d1678b986fbc31b70ae2834db25a898085bbce32b744aef42ed56b5c001ffebd5516e78c9f22c678dde2d8bdc150a"
}
}
The tool will return { "valid": true } if the signature is correct.
CLI Usage
You can also verify signatures directly from the command line:
bunx -y xno-skills verify <address> "<message>" <signature>
Example
bunx -y xno-skills verify nano_1hfrig58wzrg4pzqen17cyannpy1173oi7jz7zd6srjsqjh7ozcgec9uyo9n "I am me." 3de8620fb30967916d3dc36cd09eba9a633d1678b986fbc31b70ae2834db25a898085bbce32b744aef42ed56b5c001ffebd5516e78c9f22c678dde2d8bdc150a
To get JSON output for integration:
bunx -y xno-skills verify nano_1hfrig58wzrg4pzqen17cyannpy1173oi7jz7zd6srjsqjh7ozcgec9uyo9n "I am me." 3de8620fb30967916d3dc36cd09eba9a633d1678b986fbc31b70ae2834db25a898085bbce32b744aef42ed56b5c001ffebd5516e78c9f22c678dde2d8bdc150a --json
NOMS Standard (ORIS-001)
This verification tool handles the binary payload construction and hashing internally according to the ORIS-001 specification. It supports both nano_ / xrb_ addresses and raw 32-byte hex public keys.
Related Skills
casualsecurityinc/nano
tools
VerifiedTrustedCommunity
Nano (XNO) cryptocurrency wallet operations, transaction analysis, and explorer lookups. Use for send/receive, balances, pending funds, address validation, unit conversion, tx/hash/account lookup, explorer links, and Nano block-lattice questions. Prefer xno-mcp first; use xno-skills CLI as fallback.
5SKILL.mdUpdated May 5, 2026
casualsecurityinc/nano-validate-address
development
VerifiedTrustedCommunity
Validate Nano (XNO) addresses offline (format, checksum) — no network required. Use this skill whenever the user provides a Nano address and wants to verify it's well-formed, before sending XNO to an untrusted address, or asks 'is this address real?' — even if they just paste a nano_ address and ask 'is this right?' Always validate before any XNO send operation.
2SKILL.mdUpdated Apr 27, 2026
casualsecurityinc/nano-sign-message
tools
VerifiedTrustedCommunity
Sign an off-chain message (plain text) using a Nano (XNO) custodial wallet managed by xno-mcp, following the NOMS / ORIS-001 standard. Use this skill whenever the user wants to prove ownership of a Nano address, authenticate themselves cryptographically, sign a statement with their XNO key, or create an off-chain proof — even if they just say 'prove I own this wallet' or 'sign this for me'.
2SKILL.mdUpdated Apr 27, 2026
casualsecurityinc/nano-return-funds
tools
VerifiedTrustedCommunity
Return XNO to the operator or original sender. Identifies source Nano addresses, confirms before sending, and handles ambiguity safely. Use this skill whenever the user wants to send Nano back, refund an XNO payment, return unexpected received funds, or undo a transaction — even if they just say 'send it back', 'refund', or 'I didn't mean to receive this'.
2SKILL.mdUpdated Apr 27, 2026