v1.0.0

lnd macaroon bakery

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:34 AM.

Analysis

This is a coherent Lightning node macaroon-management helper, but it handles powerful lnd credentials and creates persistent bearer tokens that should be reviewed carefully before use.

Guidance: Install only if you intend to manage lnd macaroons. Run baking commands deliberately, keep admin.macaroon out of agent configs, inspect generated macaroons, use the least-privileged role, and confirm local lncli/jq/Docker tooling is trusted.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
scripts/bake.sh
"uri:/lnrpc.Lightning/SendPaymentSync" ... "uri:/lnrpc.Lightning/OpenChannelSync" ... "uri:/signrpc.Signer/SignOutputRaw"

The preset roles include permissions that can enable payment, channel-management, and signing capabilities. This is aligned with the skill's purpose, but the impact is high if the wrong role is granted.

User impact: Choosing an overly broad preset or custom permission list could give an agent more financial or node-control authority than intended.
Recommendation: Require human review of the selected role or custom URI list before baking a macaroon, especially for pay-only, channel-admin, signer-only, or custom permissions.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
scripts/bake.sh
elif ! command -v lncli &>/dev/null; then ... "${LNCLI_CMD[@]}" listpermissions | jq -r

The script depends on external tools such as lncli and jq, and optionally Docker, while the registry metadata lists no required binaries.

User impact: A user may install the skill without realizing it relies on locally installed command-line tools whose provenance and configuration affect the outcome.
Recommendation: Verify that lncli, jq, and, if used, Docker are installed from trusted sources and match the lnd node you intend to manage.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
You need lncli installed locally and copies of the node's TLS cert and a macaroon with `macaroon:generate` permission (typically admin.macaroon).

The skill explicitly uses lnd authentication material, including an admin or macaroon-generation-capable macaroon, to create new credentials.

User impact: If misused, a generated macaroon could grant an agent access to Lightning node functions such as paying invoices, viewing balances, managing channels, or signing operations.
Recommendation: Use the narrowest role possible, avoid exposing admin.macaroon to agents, inspect each macaroon before deployment, and store generated macaroons with restrictive permissions.