How can you compute a dictionary for all possible nsecs? Salting is needed for human-memorizable passwords, which have much lower entropy than nsecs.

Discussion

In 99% of the apps it will be a valid nsec when the decoded string begins with the text "nsec". That is the confirmation you need to know that the decoding without salt went OK.

The vector of attack is to use a large dictionary of known user-typed passwords against an encrypted nsec without salt nor using the hex version.
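
The salting point raised in this thread, as an added example that is not part of any participant's post: one key table built once covers every user of an unsalted scheme who picked a dictionary password, while a per-user random salt makes that table useless and a high-entropy secret is never in the table at all. PBKDF2-HMAC-SHA256, the iteration count, the user names and the passwords are assumptions constructed for the demo; the thread names no KDF.

```python
import hashlib
import os
import secrets

ITERATIONS = 50_000  # constructed work factor, kept low so the demo runs quickly


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 32-byte wrapping key (PBKDF2 is an assumed KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)


def precompute(passwords, salt=b""):
    """Key table for one salt value. An unsalted scheme has exactly one such table."""
    return {derive_key(p, salt): p for p in passwords}


def exposed_users(users, table):
    """Names whose wrapping key already appears in a table that was built once."""
    return sorted(
        name for name, (password, salt) in users.items()
        if derive_key(password, salt) in table
    )


def demo():
    # Constructed sample data: two users share a weak password, one uses a random secret.
    strong = secrets.token_hex(32)
    choices = {"alice": "hunter2", "bob": "hunter2", "carol": strong}

    unsalted = {name: (pw, b"") for name, pw in choices.items()}
    salted = {name: (pw, os.urandom(16)) for name, pw in choices.items()}

    # One table, computed once from a small constructed word list with no salt.
    table = precompute(["123456", "hunter2", "password"])

    return exposed_users(unsalted, table), exposed_users(salted, table)


if __name__ == "__main__":
    without_salt, with_salt = demo()
    print("covered by the single table, no salt: ", without_salt)
    print("covered by the single table, with salt:", with_salt)
```
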