Back to skill

Security audit

Archon Lightning

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Lightning payments, but it gives an agent direct authority to move real funds using local wallet credentials with limited built-in safeguards.

Review before installing. Use only a low-balance wallet, protect `~/.archon.env`, pin and audit `@didcid/keymaster`, and require explicit human approval plus invoice/recipient/amount review before any payment or zap.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation for `lightning-zap.sh` gives conflicting guidance: it says the script automatically verifies settlement, then later says it returns a payment hash and 'you still need to verify.' In a payment skill, contradictory settlement semantics can cause users or agents to treat an unpaid or pending transfer as successful, leading to financial loss, failed service delivery, or business-logic abuse.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The file first claims `lightning-pay.sh` automatically verifies settlement and that no manual check is needed, but later examples and best-practices instruct users to manually extract the payment hash and call `lightning-check`. This inconsistency is dangerous because payment confirmation is security-critical; agents may build incorrect control flow around the script and falsely conclude a payment succeeded or duplicate checks in ways that mask actual failures.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script automatically sources ~/.archon.env, which may contain wallet secrets, API keys, or other sensitive configuration, even though the visible task is just sending and verifying Lightning payments. This creates implicit credential access and trust in a local file without validation, disclosure, or scope restriction, increasing the chance of secret exposure or unintended execution if that file is altered.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README provides copy-pasteable commands for creating wallets and sending Lightning payments, and emphasizes convenience and automatic verification, but does not clearly warn that these are real-money, often irreversible transactions. Users may pay the wrong invoice, send to an unintended Lightning Address/DID, or misunderstand that settlement confirmation does not validate business intent or recipient identity, leading to financial loss.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script unconditionally sources ~/.archon.env, which executes any shell code in that file in the current process rather than merely reading configuration values. Because this wrapper is for decoding a BOLT11 invoice and does not disclose that it will execute user-controlled environment content, it creates an unexpected code-execution and secret-loading behavior that expands the trust boundary beyond the invoice-decoding task.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script unconditionally sources ~/.archon.env, which executes any shell code present in that file and exposes secrets from a highly sensitive local configuration without any validation or disclosure. In a payments-related skill, this is more dangerous because the environment likely contains wallet credentials, API tokens, or DID material tied to Lightning operations, so compromise of that file or unexpected sourcing can directly affect funds or identity.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The script automatically sources ~/.archon.env, causing shell code and sensitive values from a user-controlled local file to be loaded into the current process without validation or warning. In a payment script, this expands trust to arbitrary shell content in that file and can expose or misuse wallet credentials if the file is tampered with or unexpectedly populated.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Using source on ~/.archon.env executes the file as shell code, not just as configuration, and the script provides no warning that running it will access and execute local credential-bearing content. If the env file is maliciously modified, the script will run attacker-controlled commands in the user's shell context before making the payment call.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The script unconditionally sources ~/.archon.env, which executes arbitrary shell code from a user-controlled file in the current shell context. If that file is modified by an attacker, replaced through local compromise, or contains unexpected commands instead of simple variable assignments, running this helper script will execute them silently.

Credential Access

High
Category
Privilege Escalation
Content
# Usage: ./lightning-pay.sh <bolt11> [id]
# Returns: {"paymentHash": "...", "paid": true/false, "preimage": "..."}

source ~/.archon.env

# Pay the invoice
result=$(npx @didcid/keymaster lightning-pay "$@")
Confidence
89% confidence
Finding
.env

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.