Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lightning Security Module
v1.0.0
Set up an lnd remote signer container that holds private keys separately from the agent. Exports a credentials bundle (accounts JSON, TLS cert, admin macaroon) for watch-only litd nodes. Container-first with Docker, native fallback. Use when firewalling private key material from AI agents.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description (remote lnd signer) matches the provided scripts and templates. However, the registry metadata declares no required binaries or env vars, while the scripts clearly require Docker/docker-compose, lnd/lncli, jq, openssl, curl, tar/base64, and (for --source) git and Go. That discrepancy (metadata says 'none' but the scripts need many tools) is an incoherence the user should be aware of.
Instruction Scope
The runtime instructions and scripts create and store sensitive material on the signer host (seed mnemonic, wallet passphrase, TLS cert, admin macaroon), copy files into containers, and produce a base64-encoded credentials bundle intended for transfer to the agent. Exporting the admin macaroon by default (admin.macaroon) grants full RPC privileges and is a risky default. Scripts also source helper scripts from ../lib (e.g., lib/rest.sh, lib/config-gen.sh) that are not included in the manifest — sourcing external shell code is a notable point of trust and potential supply-chain concern.
Install Mechanism
There is no formal install spec (instruction-only), which is lower-risk in the sense nothing is automatically downloaded by the platform. The scripts do pull the public Docker image lightninglabs/lnd:v0.20.0-beta (a known public repo) and optionally clone/build from GitHub — these are expected for this purpose. No arbitrary/personal download URLs or obfuscated fetches were found.
Credentials
The skill declares no required env vars or credentials, yet the scripts read and respect several environment variables (LNGET_SIGNER_DIR, LND_SIGNER_DIR, LND_IMAGE, LND_VERSION, etc.) and require access to Docker/socket and filesystem paths in the user's home. The skill will create and store secret material (seed, wallet-password.txt) under ~/.lnget/signer. It also exports an admin macaroon into the bundle; asking for or producing an admin macaroon without declaring/justifying privileged access is disproportionate.
Persistence & Privilege
always:false (good), and there is no installation step that permanently modifies other skills. However the scripts will write secrets and configs to disk (~/.lnget/signer, ~/.lnd-signer), create Docker containers/volumes, and copy sensitive files into containers. Combined with autonomous invocation being allowed by default, the skill could be used to create/export credentials bundles programmatically — a capability with high blast radius if invoked on an untrusted agent or if output is exfiltrated.
What to consider before installing
This skill appears to implement the claimed remote-signer architecture, but several things to check before installing:
- Required tools: the manifest lists no required binaries, but the scripts need Docker/docker-compose, lnd/lncli, jq, curl, openssl, tar/base64 (and git/Go if building from source). Make sure those are installed and that you trust them.
- Sensitive outputs: the setup and export scripts write the seed mnemonic and wallet passphrase to disk (~/.lnget/signer) and export an admin macaroon in the credentials bundle by default. An admin macaroon grants full RPC rights — for production you should bake a signing-only macaroon as recommended in the docs instead of exporting admin.macaroon.
- Missing sourced libs: several scripts source ../lib/*.sh (rest.sh, config-gen.sh). Those files are not in the manifest you provided; verify they exist in the environment and review them before running. Sourcing external shell code can execute arbitrary commands.
- Image provenance: the script pulls lightninglabs/lnd from Docker Hub. If you proceed, prefer pinned versions, verify image digests/signatures, or build from source in a controlled environment.
- Transfer risk: the credentials bundle is intentionally packaged as a base64 tarball for easy copy-paste — that convenience makes accidental or malicious exfiltration easier. Transfer bundles only over trusted channels and consider encrypting them in transit.
- Operational advice: run the signer on a dedicated, well-hardened machine (air-gapped or firewall-restricted), use a scoped/signing-only macaroon in production, rotate macaroons, protect filesystem permissions, and audit any helper scripts that are sourced.
Given the above mismatches and risky defaults, treat this skill as suspicious until you verify the missing helper scripts, confirm runtime dependencies, and change the default export to a least-privilege macaroon and an operationally secure transfer method.
Like a lobster shell, security has layers — review code before you run it.
latest: vk972fb6dbxpptcnswn5y93ze4x80zgr3