Btcpay Server

Security checks across malware telemetry and agentic risk

Overview

This BTCPay Server skill is legitimate in purpose, but it gives broad authenticated control over crypto payment infrastructure without clear confirmation safeguards.

Review before installing. Use a least-privileged BTCPay/Membrane connection, verify what account and stores it can access, and require manual confirmation before creating or changing invoices, pull payments, stores, webhooks, payment settings, raw API calls, or deleting anything.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 81% confidence
Finding: The skill description is broad enough to trigger on many generic BTCPay-related requests without clear guardrails on scope, risk, or required user intent. In a payments/crypto context, overbroad invocation can cause the agent to access financial data or initiate sensitive workflows when the user asked for something ambiguous.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill lists destructive capabilities such as deleting stores and creating or updating financial/payment objects without any warning, approval, or confirmation pattern. In a BTCPay environment, accidental or prompt-induced execution of destructive actions could disrupt merchant operations, remove configurations, or alter payment flows.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal