Skill v1.0.2

ClawScan security

LNBits Wallet wtih QR Code · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:11 AM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, runtime instructions, and requested environment variables are coherent with its stated purpose (managing an LNbits wallet); there are no disproportionate permissions, unexpected installers, or hidden endpoints, but pay attention to handling the adminkey printed by the create command and the SKILL.md's strict output-format requirements.
Guidance
This skill appears to do what it says: it calls your LNbits instance to check the balance, create invoices (with a QR image), decode invoices, and pay invoices. Before installing or using it, consider the following:

- Keep your LNBITS_API_KEY secret. The CLI's create command prints an adminkey and base_url to the terminal; the SKILL.md instructs the assistant not to paste that into chat, but you must copy it from the terminal into your environment yourself. Never paste an adminkey into a public chat.
- Use the smallest-privilege key for your workflow. LNbits issues two keys per wallet, an admin key and an invoice/read key. The invoice/read key is enough to check the balance and create invoices; only paying an invoice needs the admin key, so if the agent never pays, do not give it one.
- The skill needs the optional Python package qrcode[pil] to write QR image files locally. Without it, invoice creation still works but no QR file is produced.
- The SKILL.md enforces an exact single-line MEDIA: <path> format so the agent can send the QR image. There is a minor mismatch between the example paths in SKILL.md and the relative paths the script actually builds; make sure your agent forwards the exact file path the CLI produced and does not echo secrets from command output into chat.
- The script only talks to the configured LNBITS_BASE_URL; it contacts no other network endpoint.

Review and run the bundled script locally first, with a test or demo wallet, to confirm its behavior before giving the skill access to a production adminkey. For higher assurance, run the CLI manually against a demo instance, verify the files it saves under .lnbits_qr, and confirm that the assistant reproduces only the allowed output (the payment_request and the MEDIA line) and asks for explicit confirmation before any payment.

Review Dimensions

Purpose & Capability
ok · Name/description match the requested environment variables (LNBITS_API_KEY, LNBITS_BASE_URL) and the included CLI. The required binary (python3) and optional Python dependency (qrcode[pil]) are appropriate for generating invoices/QRs and calling the LNbits API. Nothing requested is unrelated to LNbits wallet management.
Instruction Scope
note · SKILL.md is explicit about secrecy and confirmation and instructs the agent to run the bundled CLI. It mandates an exact response format (show the payment_request and a single-line MEDIA: <path>). This is generally fine, with two small scope notes: (1) the create command prints the adminkey and base_url to stdout, and SKILL.md instructs the assistant not to echo secrets back into chat, which relies on the agent actually following that rule; (2) SKILL.md examples reference a MEDIA path like './clawd/.lnbits_qr/...' while the CLI creates './.lnbits_qr/...' relative paths, so the path format SKILL.md expects may not always match what the CLI returns; the agent must not alter the path or accidentally expose secret data when reformatting command output.
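The Guidance and Instruction Scope notes above both come down to one control: the agent may forward only the payment_request and the single MEDIA: line, and nothing the create command prints (adminkey, base_url) may reach chat. The following is an added example of that output guard, not code from the skill or from ClawHub's scanner. It assumes the CLI prints lines of the form `payment_request: <bolt11>`, `MEDIA: <path>`, `adminkey: <hex>` and `base_url: <url>`; the page does not give the CLI's exact output format, and the two sample outputs are constructed.

```python
"""Added example (not the skill's or ClawHub's code): an allow-list guard that an
agent harness runs over the bundled CLI's stdout before anything is sent to chat.
Line formats ("payment_request: ...", "MEDIA: ...", "adminkey: ...", "base_url: ...")
are assumptions; the page does not show the CLI's exact output."""
import re
from pathlib import PurePosixPath

# The only two line shapes SKILL.md allows the agent to reproduce.
PAYMENT_RE = re.compile(r"^payment_request\s*[:=]\s*(\S+)$", re.IGNORECASE)
MEDIA_RE = re.compile(r"^MEDIA:\s*(\S+)$")
# BOLT11 invoices are bech32: "ln" + network prefix + lowercase alphanumerics.
BOLT11_RE = re.compile(r"^ln(bc|tb|tbs|bcrt)[0-9a-z]+$")

# Constructed samples of what the create and invoice commands might print
# (the key and invoice below are placeholders, not real values).
SAMPLE_CREATE = """\
Wallet created
adminkey: 0123456789abcdef0123456789abcdef
base_url: https://lnbits.example.invalid
"""
SAMPLE_INVOICE = """\
payment_request: lnbc10u1pexample0q
MEDIA: ./.lnbits_qr/invoice_1.png
"""


def safe_media_path(path: str) -> bool:
    """Accept only a relative path to a file inside a .lnbits_qr directory,
    so './.lnbits_qr/x.png' and './clawd/.lnbits_qr/x.png' pass while absolute
    paths and '..' traversal do not."""
    p = PurePosixPath(path)
    if p.is_absolute() or ".." in p.parts or not p.name:
        return False
    return ".lnbits_qr" in p.parts[:-1]


def filter_cli_output(raw: str) -> dict:
    """Keep only the allow-listed lines; every other line (including anything
    labelled adminkey or base_url) is counted and dropped, never returned."""
    payment = media = None
    dropped = 0
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PAYMENT_RE.match(line)
        if m and BOLT11_RE.match(m.group(1)):
            payment = m.group(1)
            continue
        m = MEDIA_RE.match(line)
        if m and safe_media_path(m.group(1)):
            media = m.group(1)
            continue
        dropped += 1
    return {"payment_request": payment, "media": media, "dropped": dropped}


def render_for_chat(result: dict) -> str:
    """Produce exactly the two lines SKILL.md permits, or refuse to forward."""
    if not result["payment_request"] or not result["media"]:
        raise ValueError("incomplete invoice output; forwarding nothing")
    return f"payment_request: {result['payment_request']}\nMEDIA: {result['media']}"


if __name__ == "__main__":
    print(filter_cli_output(SAMPLE_CREATE))   # nothing forwarded, 3 lines dropped
    print(render_for_chat(filter_cli_output(SAMPLE_INVOICE)))
```

The guard is an allow-list rather than a secret-pattern deny-list on purpose: a deny-list has to anticipate every way a key might be printed, while the allow-list forwards nothing it was not told to expect, so the create command's adminkey and base_url lines are dropped without ever being matched as secrets. The path check also rejects absolute paths and traversal, so a reformatted MEDIA line cannot point the agent at a file outside .lnbits_qr.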
Install Mechanism
ok · No install spec is provided (instruction-only with included scripts). There are no downloads from external or untrusted URLs and no extract operations. The only install-time dependency is the Python package qrcode[pil], which the metadata mentions; low risk.
Credentials
ok · The skill requires two environment variables: LNBITS_API_KEY (primary) and LNBITS_BASE_URL. Both are necessary and expected for interacting with an LNbits instance. No unrelated credentials or system config paths are requested.
Persistence & Privilege
ok · The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings. The CLI writes temporary QR files in a local .lnbits_qr directory (limited persistence); files are cleaned after 5 minutes.