LNBits Wallet wtih QR Code

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed LNbits wallet helper with sensitive payment abilities, but its behavior matches its wallet-management purpose and includes user-confirmation instructions for payments.

Install only if you are comfortable giving the assistant access to an LNbits admin key. Use a dedicated low-balance wallet, verify decoded invoice details before confirming payment, keep the adminkey out of chat and shared terminals, and set LNBITS_BASE_URL to the LNbits server you intend to use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 96% confidence
Finding: The skill invokes shell commands, reads environment variables, accesses the network, and writes files, yet it declares no permissions or capability boundaries. In an agent environment, this creates a dangerous trust gap: users and orchestrators may approve or run the skill without understanding it can access wallet secrets and perform real payment actions.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: The advertised behavior is wallet balance/pay/invoice management, but the documented commands also create new wallets, decode invoices, and write QR files to disk. That mismatch can mislead users and policy engines about the true attack surface, increasing the risk of secret exposure, unintended account creation, or unreviewed filesystem/network side effects in a financial context.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The skill description says it manages an LNbits wallet through balance, pay, and invoice actions, but the code also exposes wallet/account creation. This mismatch weakens user and operator understanding of the skill's capabilities, which can lead to unintended account provisioning, policy bypass, or trust decisions based on incomplete disclosure.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The pay command directly executes a Lightning payment with no built-in confirmation, preview, or safety interlock. In an agent skill context, this is dangerous because a mistaken prompt, malicious instruction chain, or invoice substitution could cause immediate irreversible fund transfer.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal