Skill v1.0.0
ClawScan security
aperture: the L402 aware reverse proxy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:46 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to be a legitimate Aperture L402 reverse proxy, but its files and runtime instructions access sensitive local Lightning node credentials (macaroons/TLS) and create persistent configs while the registry metadata does not declare those config paths or secrets. Review before installing.
- Guidance
  - This skill appears to bundle scripts to install and run the real Aperture proxy and will need access to your local Lightning node credentials (invoice macaroon) and TLS cert to create invoices. That behavior is coherent with the proxy's purpose, but the registry metadata does not disclose those config paths or secrets; treat that as a red flag. Before installing:
    - Inspect the included scripts (they are provided) and confirm you trust github.com/lightninglabs/aperture as the upstream. Consider pinning to a specific release instead of @latest.
    - Do not supply or expose admin macaroons. Use an invoice-only macaroon as recommended; verify the macaroon's capabilities before using it.
    - Prefer running the proxy in an isolated environment or container (the repo includes a docker-compose template) rather than on a host with your real Bitcoin/LND wallet.
    - Be aware the skill will create ~/.aperture and a sqlite DB and may run a background process; review logs (~/.aperture/aperture-start.log) after startup.
    - If you need stronger assurances, verify the binary source (git tag, commit hash) and consider building from source locally rather than using go install @latest.
  - If you aren't comfortable with the skill reading macaroons/TLS certs or creating background services on your machine, do not install it, or run it only in an isolated test environment.
Review Dimensions
- Purpose & Capability
  - concern: The SKILL.md and scripts clearly implement and install Lightning Labs' Aperture (go install github.com/lightninglabs/aperture). That purpose legitimately requires access to an LND node's TLS cert and invoice macaroon for creating invoices. However, the registry metadata declares no required config paths, env vars, or credentials even though the included scripts read/write ~/.lnd and ~/.aperture and reference invoice.macaroon. The omission of required config/credential declarations is an incoherence.
- Instruction Scope
  - concern: The runtime instructions and bundled scripts perform actions beyond simply running a proxy: they auto-generate ~/.aperture/aperture.yaml, auto-detect and read LND macaroon directories and TLS cert paths, suggest baking or copying invoice macaroons, and start aperture as a background service. Reading macaroons and TLS certs is necessary for L402 but is sensitive behavior and should be explicitly declared. The instructions also reference another skill (macaroon-bakery) to create macaroons, which extends the privilege surface.
- Install Mechanism
  - ok: The install script uses `go install github.com/lightninglabs/aperture/cmd/aperture@...` and the templates/docker-compose file uses the official lightninglabs/aperture image. These are standard, traceable upstream sources and not high-risk downloads from arbitrary servers. No suspicious URL shorteners or personal servers are used.
- Credentials
  - concern: The skill metadata lists no required env vars or config paths, yet the scripts access $HOME/.lnd (macaroons, tls) and write persistent files to $HOME/.aperture. Access to invoice.macaroon (and potentially other macaroons) is sensitive and should be declared. The skill also suggests baking macaroons via another skill, which may require broader LND privileges if misused.
- Persistence & Privilege
  - note: The skill writes configuration to ~/.aperture, starts Aperture as a background process, and creates a persistent sqlite DB at ~/.aperture/aperture.db. It does not set always:true and does not modify other skills' configs. Persistent files and a background service are expected for this functionality, but users should be aware that it creates on-disk artifacts and a running process.
