Lightning MCP Server

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Lightning node connector, but users should handle the pairing phrase carefully and avoid insecure development settings in real use.

Install only if you intend to let an agent read Lightning node state. Treat the LNC pairing phrase and password as secrets, review any .mcp.json or ~/.claude.json changes, prefer verified/source-built packages, avoid Docker host networking unless necessary, and never use LNC_INSECURE outside controlled local testing.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill repeatedly instructs the user to connect using a pairing phrase and password but never clearly warns that these are sensitive credentials that must not be exposed to the agent, persisted in config, or logged in terminal history. In an AI-agent context, this increases the risk that secrets are pasted into prompts, captured in transcripts, or embedded in MCP configuration, enabling unauthorized access to the Lightning node's read-only data.

Unsafe Defaults

Medium

Category: Tool Misuse
Content: # For development/regtest claude mcp add --transport stdio \ --env LNC_MAILBOX_SERVER=localhost:11110 \ --env LNC_DEV_MODE=true \ --env LNC_INSECURE=true \ lnc -- npx -y @lightninglabs/lightning-mcp-server ```
Confidence: 88% confidence
Finding: DEV_MODE=true

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal