agent-wallet

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Lightning wallet skill, but it can store a wallet seed and send real bitcoin without clear approval safeguards.

Install only if you intentionally want an agent-controlled self-custodial Lightning wallet. Use small balances, back up and protect the mnemonic, restrict ~/.mdk-wallet permissions, pin and verify the npm package version, require explicit confirmation before every outgoing payment, and stop the daemon when it is not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The documentation presents conflicting statements about whether `init --show` reveals the mnemonic, and the example output explicitly includes the seed phrase. In a wallet skill, ambiguity around secret disclosure is dangerous because an agent or user may invoke the command expecting redaction and instead expose the private key that controls real funds.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The activation description is broad enough to trigger on generic payment or balance-related requests, which can cause an agent to select a real-funds wallet skill in situations where the user did not intend to authorize financial actions. In the context of a self-custodial wallet tied to real bitcoin, overbroad routing materially increases the chance of unintended payment operations or secret-handling exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents a command that can send real funds but does not prominently require confirmation of the destination, amount, and network before execution. Because Lightning payments may be irreversible, an agent following these examples could transfer bitcoin to the wrong recipient or for the wrong amount with no practical recovery path.

Session Persistence

Medium
Category
Rogue Agent
Content
# Get balance
npx @moneydevkit/agent-wallet balance

# Create invoice
npx @moneydevkit/agent-wallet receive 1000

# Pay someone
Confidence
84% confidence
Finding
Create invoice npx @moneydevkit/agent-wallet receive 1000 # Pay someone npx @moneydevkit/agent-wallet send user@getalby.com 500 ``` ## How It Works The CLI automatically starts a daemon on first co

VirusTotal

66/66 vendors flagged this skill as clean.
