ClawHub

SatsRail MCP — Bitcoin Lightning Payments for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This is a coherent payment integration, but it gives an agent live payment-account authority without enough scoping, confirmation, or credential-handling guidance.

Install only if you intend to let an AI agent create and manage SatsRail payment workflows. Start with `sk_test` credentials, review and pin the `satsrail-mcp` package before use, keep `SATSRAIL_API_KEY` out of shared or committed config, and require explicit confirmation plus amount limits before live order, invoice, checkout, cancellation, wallet, or merchant actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill prominently enables creation of payment orders, invoices, and checkout sessions through natural language, but it does not warn that agent actions may trigger real financial operations. In an MCP/agent context, this increases the risk of unintended payment initiation, social engineering, or unsafe automation because users may treat the capability as informational rather than transaction-executing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to place a secret API key directly into configuration and mention live keys, but provide no guidance on secure storage, least privilege, rotation, or the consequences of exposing production credentials. In practice, this can lead to accidental key leakage through screenshots, repo commits, shared configs, or logs, enabling unauthorized payment/order actions against a real merchant account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal