Lightning Security Module

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Lightning remote-signer skill, but it exports powerful signer credentials and exposes services broadly enough that users should review it carefully before using real funds.

Use testnet first. Before using mainnet funds, firewall ports 10012 and 10013 to only the watch-only node, replace the admin macaroon with a scoped signer-only macaroon, avoid transferring the base64 bundle through chats or logs, and secure or remove the stored seed and wallet password files. Inspect the external helper scripts this skill sources before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs users to export and transfer a bundle containing an admin macaroon and TLS certificate, and even offers a base64 copy-paste transport, without a prominent warning that the admin macaroon grants highly sensitive RPC access. In this context, the skill is specifically about separating key material, so normalizing broad credential export to the less trusted agent side materially weakens the stated security model and could enable remote control or wallet operations if the bundle is exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal