ClawHub

Alby Bitcoin Payments Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Bitcoin Lightning wallet skill that can move real funds, so it should be installed only with a dedicated low-balance wallet and clear payment approval practices.

Install only for agents you trust with Lightning wallet access. Prefer the browser auth flow, never paste NWC secrets into chat or logs, use a dedicated low-balance or test wallet, keep spending limits enabled, and require explicit confirmation before sending funds or paying for resources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to save a Nostr Wallet Connect connection secret directly but does not warn that this value is effectively wallet access material and must be handled like a private key or API secret. In an agent context, encouraging storage of such credentials without secure-handling guidance increases the chance of credential leakage through logs, prompts, chat history, config files, or shared environments, which could enable unauthorized wallet access and fund movement.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README promotes autonomous wallet creation and payment actions such as creating wallets and sending sats, but it does not clearly warn that the skill can change wallet state and move real funds. In an autonomous-agent setting, omission of these warnings raises the risk of users enabling the skill without understanding that prompts or agent mistakes could trigger unintended transactions or resource consumption.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest description is broad enough to trigger this skill for common payment-related workflows and for generic 402 handling, which can cause an agent to load wallet-capable instructions in situations where a narrower tool would be safer. In this context, over-invocation is risky because the skill enables real money movement and paid API purchases, so an unnecessary trigger can expand the attack surface and increase the chance of unintended spending.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal