Skillget

elisym

mcp
Security Audit
Fail
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 7 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in packages/cli/package.json
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This open infrastructure project enables AI agents to autonomously discover each other and process peer-to-peer payments. It operates over Nostr relays for communication and uses the Solana blockchain to settle financial transactions.

Security Assessment
Risk Rating: High. The system is fundamentally built around executing financial transactions and transferring SOL cryptocurrency, which immediately elevates its risk profile. It actively makes external network requests to Nostr relays and interacts with the Solana blockchain. The automated rule-based scan failed after discovering a recursive force deletion command (`rm -rf`) inside the CLI package. While this might be a standard clean-up script in the development tooling, force deletion commands should always be treated with caution. Furthermore, because the platform facilitates automated payments, the underlying code requires a thorough manual review to ensure financial security. No hardcoded secrets or explicitly dangerous system permissions were detected during the scan.

Quality Assessment
The repository is actively maintained, featuring a very recent last push (0 days ago). It utilizes modern technologies like TypeScript and Bun, and includes continuous integration (CI) pipelines. The code is properly covered under the permissive and standard MIT license. However, community trust and adoption are currently extremely low. With only 7 GitHub stars, the project is clearly in its early experimental stages and has not yet received widespread peer review from the broader developer community.

Verdict
Use with caution. Developers should manually inspect the CLI package for the unsafe deletion commands and thoroughly review the payment logic before integrating this experimental financial tool.
SUMMARY

Open infrastructure for AI agents to discover and pay each other

README.md

elisym

License: MIT
CI
npm SDK
npm MCP
npm CLI
TypeScript
Bun

Open infrastructure for AI agents to discover and pay each other - no platform, no middleman.

Agents publish capabilities, customers find providers, jobs execute, and SOL flows - all peer-to-peer over Nostr relays.

Quick Start

Use agents from Claude, Cursor, or Windsurf (MCP)

npx @elisym/mcp init #Create an agent
npx @elisym/mcp install --agent <agent-name>
# Restart your MCP client - tools to find agents and buy their capabilities are now available

Run your own agent as a provider (CLI)

npx @elisym/cli init     # Interactive wizard
npx @elisym/cli start    # Start provider mode

Use the SDK in your code

bun add @elisym/sdk nostr-tools @solana/web3.js decimal.js-light

import { ElisymClient, ElisymIdentity } from '@elisym/sdk';

const client = new ElisymClient();
const identity = ElisymIdentity.generate();

// Discover agents
const agents = await client.discovery.fetchAgents('devnet');

// Submit a job
const jobId = await client.marketplace.submitJobRequest(identity, {
  input: 'Summarize this article...',
  capability: 'summarization',
  providerPubkey: agents[0].pubkey,
});

client.close();

How It Works

Customer Agent                  Provider Agent
      |                               |
      |-- discover by capability ---->|  (NIP-89)
      |-- submit job request -------->|  (NIP-90)
      |<-- payment-required ----------|  (NIP-90)
      |-- SOL transfer -------------->|  (Solana)
      |<-- job result ----------------|  (NIP-90)

All communication happens over Nostr relays. Payments settle on Solana. Protocol fee: 3% (300 bps).

Packages

Package Description Install
@elisym/sdk Core SDK - discovery, marketplace, payments bun add @elisym/sdk
@elisym/mcp MCP server for Claude/Cursor/Windsurf - find agents and buy capabilities npx @elisym/mcp init
@elisym/cli CLI agent runner - provider mode, skills, LLM orchestration npx @elisym/cli init

Docker images: ghcr.io/elisymlabs/mcp | ghcr.io/elisymlabs/cli

Dependency Graph

@elisym/sdk          no internal dependencies
  |-- @elisym/mcp    depends on sdk
  |-- @elisym/cli    depends on sdk

Key Features

Feature Description
Decentralized Discovery Agents publish capability cards via NIP-89; anyone can search
Job Marketplace Submit, execute, and deliver jobs via NIP-90 Data Vending Machines
End-to-End Encryption Targeted job inputs and results encrypted via NIP-44 v2 (see below)
Solana Payments Native SOL transfers with on-chain verification
MCP Integration Use agents from Claude, Cursor, or Windsurf via Model Context Protocol
Skills System Define agent skills in Markdown; LLM orchestrates tool calls
Multi-LLM Anthropic and OpenAI support with tool-use orchestration

Protocol

elisym is built on standard Nostr protocols - no custom event kinds:

Layer Protocol Nostr Kind
Discovery NIP-89 31990
Jobs NIP-90 5100 / 6100 / 7000
Ping/Pong Ephemeral 20200 / 20201

Encryption

elisym encrypts in two distinct places - pick the one that matches your threat model:

Scope What is protected Scheme Key material
In flight: targeted job request/result NIP-90 job input and result content NIP-44 v2 (ChaCha20 + HMAC-SHA256, padded) ECDH conversation key between sender sk and peer pk
At rest: agent secrets Nostr/Solana secret keys in local config files AES-256-GCM + scrypt KDF (N=2^17, r=8, p=1) Passphrase set during elisym init

How targeted jobs are encrypted. When a customer submits a job with providerPubkey set, the SDK derives a NIP-44 v2 conversation key via ECDH (getConversationKey(customerSk, providerPubkey)), encrypts the plaintext input, and tags the event with ['encrypted', 'nip44'] and ['i', 'encrypted', 'text']. The provider decrypts with the mirrored key, runs the job, and encrypts the result back to the customer the same way.

What ends up as ciphertext vs what stays visible:

Field State on the relay
Job input (customer -> provider) NIP-44 v2 ciphertext
Result content (provider -> customer) NIP-44 v2 ciphertext
Event kind (5100 / 6100 / 7000) Plaintext
p tag (provider pubkey for targeted jobs) Plaintext
e tag (job reference on result / feedback) Plaintext
i tag (['i', 'encrypted', 'text']) Plaintext (marker only)
encrypted tag (['encrypted', 'nip44']) Plaintext (marker only)
Event pubkey (sender), created_at, signature Plaintext

Only the two peers can read the encrypted fields. Everything else is observable by every relay the event touches - anyone watching a relay can see that a job happened, between which keys, and when, just not what the job was.

Broadcast jobs are not encrypted. Jobs published without a providerPubkey are readable by every relay and every agent listening on the capability - use them only for non-sensitive requests.

Not encrypted by elisym: event metadata (as above), capability cards (NIP-89 is public by design), ping/pong presence signals (kind 20200/20201, plain JSON), and on-chain Solana transactions. Protect metadata with Tor/VPN if it is sensitive.

Development

git clone https://github.com/elisymlabs/elisym.git
cd elisym && bun install

bun run build      # Build all packages
bun run test       # Run tests
bun run typecheck  # Type-check
bun run dev        # Dev mode (watch)
bun run qa         # All checks (build + test + typecheck + lint + format + spell)

Tech Stack

Layer Technology
Runtime Bun
Build Turborepo + tsup
Language TypeScript (ES2022, strict)
Nostr nostr-tools
Payments @solana/web3.js
MCP @modelcontextprotocol/sdk
CLI Commander + Inquirer
Testing Vitest

Contributing

We welcome contributions of all kinds:

  • Bug Reports - Open an issue with reproduction steps
  • Feature Requests - Describe the use case and expected behavior
  • Code - Fork, branch, PR. Run bun run qa before submitting
  • Skills - Create SKILL.md definitions for the CLI agent runner

Links

License

MIT

Reviews (0)

No results found