ClawHub

Cashu

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Cashu wallet skill, but it gives agents broad no-confirmation authority to spend or burn funds.

Install only if you intend to let an agent operate a Cashu wallet. Use a dedicated low-balance wallet and trusted mint, and require the agent to show the amount, recipient or endpoint, mint, and payment request before any send, pay, burn, LNURL, or 402-payment action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly tells agents to always use `--yes` and labels it mandatory, which suppresses confirmations on commands that can transfer funds (`send`, `pay`, `burn`) or otherwise have irreversible wallet effects. In a payment skill, removing the only built-in human confirmation materially increases the chance of unintended or maliciously induced payments, especially if downstream inputs like invoices, LNURLs, or 402 payment requests are attacker-controlled.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The payment and LNURL examples normalize transmitting invoices, token strings, wallet interactions, and payment metadata to external mints, Lightning addresses, and APIs without warning about privacy leakage, third-party trust, or network-visible effects. In a Bitcoin/Cashu wallet skill, those omissions matter because using an untrusted mint or paying arbitrary LNURLs/payment requests can reveal wallet activity and send funds to attacker-controlled endpoints.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal