Lightning Agentic Commerce

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Lightning commerce purpose, but it gives agents real payment, wallet-secret, and public endpoint authority without enough up-front control guidance.

Review the referenced lnd, lnget, and aperture scripts before running them. Start on testnet or with negligible funds, keep seed and macaroon files protected, require manual approval for funding, channel opening, and paid fetches, set both per-request and total budgets, use --no-pay for inspection first, and do not expose aperture publicly with --insecure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The setup flow directs users to create and fund a Lightning wallet before any prominent warning that the workflow stores the wallet passphrase and seed mnemonic on local disk. In this context, those files are highly sensitive because compromise of the host can directly lead to theft of funds, and the warning appears only later in a summary rather than at the point of action.

Missing User Warnings

Medium
Confidence: 89%
Finding
The buyer workflow shows routine fetch commands for L402 resources but does not prominently warn that successful requests can automatically pay invoices and spend real sats. In an agentic commerce skill, this is especially risky because an automated agent may repeatedly call endpoints and incur unintended charges.

Missing User Warnings

Medium
Confidence: 95%
Finding
The seller setup explicitly uses aperture with the --insecure flag yet does not warn at the command site about the consequences. That can expose a paid API endpoint without proper transport or trust protections, enabling interception, misuse, or unsafe deployment if copied into a real environment.

VirusTotal

66/66 vendors flagged this skill as clean.
