Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Nostr Wallet Connect (NWC) bridge for mdk-agent-wallet, which is a self-custodial Bitcoin Lightning wallet for AI agents.
v1.0.0
Expose a local @moneydevkit/agent-wallet as a Nostr Wallet Connect (NIP-47) wallet-service (systemd user service).
⭐ 0 · 940 · 1 current · 1 all-time
MIT-0
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match what the files implement: a NIP-47 bridge that listens on Nostr relays and forwards requests to a local @moneydevkit/agent-wallet via npx. However, registry metadata lists no required env vars/credentials while the SKILL.md and index.js rely on multiple environment variables (NWC_RELAYS, NWC_STATE, NWC_AUTO_REGISTER, NWC_DEFAULT_BUDGET_SATS, etc.). That metadata mismatch is incoherent and could lead to accidental misconfiguration.
Instruction Scope
SKILL.md instructs running as a systemd user service and storing secrets in state.json (documented). The bridge decrypts events from public relays and executes wallet operations by invoking 'npx @moneydevkit/agent-wallet ...' from index.js. Using npx at runtime results in downloading and executing code from the npm registry — a broader network/execution scope than simply 'talking to a local wallet' and worth attention. The code otherwise confines reads/writes to the project directory and only uses the declared state/env files.
Install Mechanism
There is no formal install spec in the registry, but an installer script (install_systemd_user.sh) runs 'npm install' in the project directory and installs a systemd user unit. Dependencies come from npm (nostr-tools). The runtime use of 'npx -y @moneydevkit/agent-wallet' will fetch and execute that package from the network if not available locally — this is expected for functionality but increases supply-chain risk compared to a pinned local dependency.
Credentials
The skill declares no required environment variables in the registry metadata, yet index.js and SKILL.md rely on several env vars (NWC_RELAYS, NWC_STATE, NWC_AUTO_REGISTER, NWC_DEFAULT_BUDGET_SATS, NWC_AUTO_REGISTER_NAME). No external service credentials are requested, which is proportionate, but the metadata omission is misleading. Also, state.json stores NWC secrets (documented) — you must protect that file.
Persistence & Privilege
The skill installs as a user-level systemd service (no root) and the unit limits access to the project's directory with typical hardening flags. always:false and normal autonomous invocation are set. The installer and service operate at user privilege levels only.
What to consider before installing
This package implements what it claims (a Nostr Wallet Connect bridge) but pay attention to three things before installing:
1) Review and trust the agent-wallet package: index.js calls 'npx -y @moneydevkit/agent-wallet ...' at runtime, which will download/execute that package from npm if it's not present — that can run arbitrary code as your user. If you don't fully trust that package, install it locally and/or vendor/pin it instead of relying on npx.
2) Protect state.json and the working directory: state.json contains NWC secrets (private keys) and must be stored with restrictive permissions. The systemd unit grants read/write only to the project directory — ensure that directory is in your home and not world-readable.
3) Configuration and auto-registration safety: the bridge can auto-register unknown client pubkeys if NWC_AUTO_REGISTER is enabled. Keep NWC_AUTO_REGISTER off (0) and set explicit budgets to avoid accidental spending. Consider running the service in a sandboxed user account or VM if you want stronger isolation.
Additional recommendations: update the registry metadata to list required env vars, audit index.js (or run with a vendored agent-wallet binary), pin npm dependencies, and monitor logs for unexpected behavior.
latest: vk974nd9eq5gmtj7ph86075xqz580zycp
