Nostr Wallet Connect (NWC) bridge for mdk-agent-wallet, a self-custodial Bitcoin Lightning wallet for AI agents.
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a disclosed Lightning wallet bridge, but it can grant persistent wallet-spending access and runs an unpinned npm wallet CLI, so users should review spending limits and trust before installing.
Install only if you intentionally want a long-running local Lightning wallet bridge. Before using real funds, pin and review the wallet CLI dependency, keep auto-registration disabled, create separate receive and send connections, set explicit low spending budgets, protect state.json and logs, and be ready to stop the user service if anything looks unexpected.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated NWC URI is a bearer credential for wallet access; if it is too broadly scoped or leaks, a client may be able to spend funds through the local wallet bridge.
Generated NWC connections can be stored without a visible budget cap, and connections without an allowlist fall back to methods that include pay_invoice.
budget_sats: Number.isFinite(budgetSats) ? budgetSats : null, ... const defaultMethods = ['pay_invoice', 'make_invoice', 'get_balance', 'get_info'];
Use separate receive/send connections, always set an explicit low spending budget for send connections, keep NWC URIs secret, and verify the code enforces budgets before connecting real funds.
Once configured, the bridge can perform wallet actions automatically for connected NWC clients, which is risky if permissions are broader than intended.
Remote NWC requests received through public relays can trigger local wallet CLI actions, including payment-related methods, without per-payment human approval shown in the artifacts.
Listens on one or more Nostr relays for NWC requests ... Executes the requested wallet method by calling `npx @moneydevkit/agent-wallet ...`.
Run only with trusted NWC clients, keep auto-registration disabled, configure strict method and budget limits, and monitor logs and wallet balance during initial use.
A compromised or changed npm package could alter the wallet commands used by the bridge.
The runtime executes @moneydevkit/agent-wallet through npx -y rather than a pinned dependency in the provided package lock, so future npm package changes can affect wallet behavior.
spawnSync('npx', ['-y', '@moneydevkit/agent-wallet', ...args], {
Pin @moneydevkit/agent-wallet to a reviewed version, add it to package.json/package-lock, avoid npx -y in the payment path, and install from a trusted source.
Anyone with access to the state file or logs may learn sensitive wallet-connection information or payment details.
The bridge persists wallet-service secrets locally and logs decrypted NWC request payloads, which may include payment details.
State is stored in ./state.json (contains wallet service secret key). ... console.log(`[nwc] payload=${JSON.stringify(payload)}`);
Store state.json with restrictive permissions, keep it out of backups and repositories, and reduce or sanitize decrypted payload logging in production.
The wallet bridge can continue running and accepting NWC requests after installation until the user disables the service.
The bridge is designed to run persistently as a user-level systemd service and automatically restart.
ExecStart=/usr/bin/node %h/agent-wallet-nwc-bridge/index.js run
Restart=always
Only enable the service when needed, review `systemctl --user status agent-wallet-nwc-bridge.service`, and disable it with the documented command when not in use.
