ClawHub
Back to skill

Security audit

Alby Bitcoin Payments Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a real wallet-payment integration, but it gives agents spending-capable wallet access with broad paid-service workflows and incomplete user-control warnings.

Install only if you intentionally want an agent to access a Lightning wallet and potentially spend real funds. Use a low-balance or test wallet, set wallet-side budgets or limits, avoid pasting NWC secrets into chat or shell history, and require explicit confirmation for every payment, swap, or paid API request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

High
Confidence
95% confidence
Finding
The README promotes giving an agent its own wallet interface and operating independently, but does not clearly warn that autonomous wallet actions can move real funds. In this context, the missing warning is especially dangerous because the skill is explicitly designed for payment execution, balance access, and invoice/payment flows, increasing the chance that users delegate sensitive financial actions without understanding the risk.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documentation instructs users to pass a Nostr Wallet Connect connection secret directly on the command line without warning that it is a sensitive credential. That secret can grant wallet access, and exposing it in shell history, terminal logs, process listings, screenshots, or agent transcripts could allow unauthorized wallet control and theft of funds.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises a very broad activation scope for any task involving sending/receiving money, invoices, fiat conversion, 402 retries, and paid API discovery. In an agent setting, this can cause over-invocation of a payment-capable skill and increase the chance of unintended financial actions or use of persisted wallet credentials in contexts where the user did not explicitly intend payment.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.