Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lnd
v1.0.1
Install and run Lightning Terminal (litd), which bundles lnd, loop, pool, tapd, and faraday in a single Docker container. Defaults to the neutrino backend with SQLite storage on testnet. Supports watch-only mode with a remote signer, standalone mode, and regtest development. Use when setting up a Lightning node for payments, channel management, liquidity management (loop), channel marketplace (pool), taproot assets (tapd), or enabling agent L402 commerce.
⭐ 0 · 1k · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to install and run Lightning Terminal, which legitimately requires Docker and docker-compose (or a Go toolchain and git for source builds) plus openssl. However, the registry metadata declares no required binaries, env vars, or config paths: a clear metadata mismatch that hides real host-level requirements.
Instruction Scope
SKILL.md and the scripts direct the agent/user to pull Docker images, run containers, clone and build upstream repositories, auto-detect and exec into Docker containers, write wallet passphrases and seed mnemonics to disk (~/.lnget/lnd), and copy macaroons/certs into containers. Those actions are within the skill's stated purpose, but they involve handling and storing highly sensitive credentials and performing broad host operations (docker exec/cp, nohup, background lnd processes). The instructions also accept base64 bundles that are decoded and extracted locally; unless the extraction validates archive member paths, external input can write arbitrary files on the host.
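The bundle-extraction concern above is the classic archive path-traversal problem: a member named `../../.ssh/authorized_keys` lands outside the target directory. The following is an added example, not code from the skill or from the scanner, of the vetting a script that accepts a base64-encoded tar.gz bundle should do before extracting: reject links, special files, absolute paths, and any member whose resolved path escapes the destination, and extract nothing if any member fails. The bundles and file names are constructed inline; the `.macaroon`/`tls.cert` names only mirror what the skill says it imports and carry no real credentials.

```python
from __future__ import annotations

import base64
import io
import os
import tarfile
import tempfile
from pathlib import Path


class UnsafeBundle(ValueError):
    """Raised when a bundle member could write outside the target directory."""


def vet_members(tar: tarfile.TarFile, dest: Path) -> list[tarfile.TarInfo]:
    """Return the members of `tar` that are safe to extract into `dest`.

    Raises UnsafeBundle on anything an attacker-supplied bundle could use to
    write arbitrary host files: symlinks/hardlinks, device or FIFO entries,
    absolute paths, and `..` traversal out of `dest`.
    """
    dest = dest.resolve()
    safe: list[tarfile.TarInfo] = []
    for m in tar.getmembers():
        if m.issym() or m.islnk():
            raise UnsafeBundle(f"link entry not allowed: {m.name}")
        if not (m.isfile() or m.isdir()):
            raise UnsafeBundle(f"special file not allowed: {m.name}")
        if os.path.isabs(m.name):
            raise UnsafeBundle(f"absolute path not allowed: {m.name}")
        target = (dest / m.name).resolve()  # collapses any ../ components
        if target != dest and dest not in target.parents:
            raise UnsafeBundle(f"path escapes destination: {m.name}")
        safe.append(m)
    return safe


def extract_bundle(b64: str, dest: Path) -> list[str]:
    """Decode a base64 tar.gz bundle and extract only vetted members.

    All-or-nothing: if any member fails vetting, nothing is written and the
    destination directory is not even created. Returns the names extracted.
    """
    raw = base64.b64decode(b64, validate=True)
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:gz") as tar:
        members = vet_members(tar, dest)
        dest.mkdir(parents=True, exist_ok=True)
        # Defence in depth: also use the stdlib 'data' filter where available
        # (Python 3.12+, and backported to 3.8.17/3.9.17/3.10.12/3.11.4).
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, members=members, **kwargs)
        return [m.name for m in members]


def make_bundle(entries: dict[str, bytes]) -> str:
    """Build a base64 tar.gz from {member name: content} (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return base64.b64encode(buf.getvalue()).decode()


# Constructed bundles: one benign, one carrying a traversal entry.
GOOD_BUNDLE = make_bundle({
    "tls.cert": b"-----BEGIN CERTIFICATE-----\n(constructed)\n",
    "readonly.macaroon": b"\x02\x01constructed",
})
EVIL_BUNDLE = make_bundle({
    "tls.cert": b"x",
    "../../.ssh/authorized_keys": b"ssh-ed25519 AAAA... attacker@example",
})


def run_demo() -> tuple[list[str], str, bool]:
    """Extract the benign bundle, then show the traversal bundle is refused.

    Returns (names extracted from GOOD_BUNDLE, refusal reason for EVIL_BUNDLE,
    whether the refused bundle's destination directory was created).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        extracted = extract_bundle(GOOD_BUNDLE, root / "good")
        try:
            extract_bundle(EVIL_BUNDLE, root / "evil")
            refused = ""
        except UnsafeBundle as exc:
            refused = str(exc)
        return extracted, refused, (root / "evil").exists()


if __name__ == "__main__":
    names, reason, evil_dir_created = run_demo()
    print("extracted:", names)
    print("refused:", reason)
    print("evil destination created:", evil_dir_created)
```

Vetting happens against the resolved destination, so a bundle cannot escape via `..` segments or by a symlinked directory already present under the target, and the `mkdir` is deferred until every member has passed, which keeps a rejected bundle from leaving a half-written tree behind.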
Install Mechanism
There is no separate install spec, but the provided scripts pull images from Docker Hub (lightninglabs/lightning-terminal) and clone from GitHub for source builds. Those are standard upstream sources (Docker Hub, github.com) rather than high-risk URLs, but running a third-party image executes remote code on your host and should be done only after review and in a confined environment.
Credentials
The skill declares no required credentials, but the scripts expect and store TLS certs and macaroons (admin.macaroon by default) and copy them into containers. An admin macaroon grants full control of lnd, so importing or copying it onto the agent host or into a container is a high-privilege action. The documentation does recommend least-privilege macaroons, but the default code and examples rely on admin.macaroon and write seed/passphrase files in plaintext (mode 0600), which is risky if not carefully managed.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes files into the user's home (~/.lnget/lnd) and may run containers and background processes; that is expected for this functionality, but it leaves persistent artifacts on disk. Autonomous invocation is allowed by default (the normal setting), so consider agent autonomy when granting access.
What to consider before installing
This skill appears to do what it says (install and run Lightning Terminal), but several things do not add up and require caution:
- Metadata vs. reality: the registry entry lists no required binaries or config paths, yet the scripts assume Docker/docker-compose (default mode) or Go/git (source mode). Expect to need Docker and/or Go, and update your install checklist accordingly.
- Sensitive credentials: the scripts import and store TLS certs and macaroons (the example uses admin.macaroon), and can write seed/passphrase files to ~/.lnget/lnd in plaintext (mode 0600). An admin macaroon allows full control of lnd; do NOT use one on an agent host in production. Prefer signer-only or pay-only macaroons, as documented.
- Image execution risk: the default install pulls lightninglabs/lightning-terminal from Docker Hub and runs it. Running a third-party container image executes remote code: review the image, verify the tag (a digest pin is stronger than a mutable tag), and prefer an isolated VM or sandbox if you are concerned.
- Defaults favor convenience over security: standalone mode writes the seed and passphrase to disk and enables auto-unlock by default; use standalone mode only on testnet/regtest. The skill documents better practices, but its scripts and examples still make it easy to run insecurely.
- What to check before installing:
• Ensure Docker is installed and that you understand container execution risks.
• Inspect the Docker image tag and, if possible, pull and scan the image locally before running it (or build from source in a controlled environment).
• Replace admin.macaroon with a least-privilege macaroon (signer-only or pay-only) before importing credentials into the agent.
• Avoid standalone mode for mainnet funds; run the signer on separate hardware or a separate VM and keep keys off the agent machine.
• Run this in an isolated VM/container if you are testing, and audit the files under ~/.lnget/lnd after use.
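The last two checks (least-privilege macaroons, auditing ~/.lnget/lnd) can be turned into a small post-run audit. The following is an added example, not part of the skill or the scan output: it walks a data directory and reports any admin.macaroon, any file whose name suggests seed or passphrase material, and any non-public file whose mode grants more than owner read/write. The policy, the name hints, the tls.cert exemption, and the fixture tree (which mirrors lnd's usual data/chain/bitcoin/<network> layout) are assumptions for illustration; the fixture is constructed in a temporary directory and contains no real secrets.

```python
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path

# Assumed audit policy (not the skill's own): owner-only access for secrets,
# no admin macaroon on the agent host, no plaintext seed/passphrase files.
MAX_MODE = 0o600
ADMIN_MACAROONS = {"admin.macaroon"}
SECRET_NAME_HINTS = ("seed", "mnemonic", "passphrase", "password", "wallet.pw")
PUBLIC_FILES = {"tls.cert"}  # the TLS certificate is public material


def audit_dir(root: Path) -> list[str]:
    """Walk `root` and return one finding string per risky file, sorted.

    Symlinks are reported and not followed, so a link pointing outside the
    tree cannot make the audit read (or trust) files elsewhere.
    """
    findings: list[str] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                findings.append(f"symlink not followed: {rel}")
                continue
            mode = stat.S_IMODE(p.stat().st_mode)
            # Any permission bit outside rw------- is a finding for secrets.
            if name not in PUBLIC_FILES and mode & ~MAX_MODE:
                findings.append(f"mode {mode:04o} wider than 0600: {rel}")
            if name in ADMIN_MACAROONS:
                findings.append(f"admin macaroon present (full control of lnd): {rel}")
            if any(hint in name.lower() for hint in SECRET_NAME_HINTS):
                findings.append(f"plaintext secret material on disk: {rel}")
    return sorted(findings)


def build_fixture(root: Path) -> None:
    """Create a constructed tree resembling ~/.lnget/lnd after an insecure run."""
    (root / "data/chain/bitcoin/testnet").mkdir(parents=True)
    files = {
        "tls.cert": 0o644,                                        # public, fine
        "data/chain/bitcoin/testnet/admin.macaroon": 0o600,       # too powerful
        "data/chain/bitcoin/testnet/invoices.macaroon": 0o600,    # least privilege, fine
        "seed.txt": 0o600,                                        # plaintext seed
        "wallet.pw": 0o644,                                       # plaintext and world-readable
    }
    for rel, mode in files.items():
        f = root / rel
        f.write_bytes(b"constructed placeholder, not a real secret")
        f.chmod(mode)


def run_audit_demo() -> list[str]:
    """Build the fixture in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_fixture(root)
        return audit_dir(root)


if __name__ == "__main__":
    for finding in run_audit_demo():
        print(finding)
```

Against the fixture the audit reports four findings: the admin macaroon, the world-readable wallet.pw, and the two plaintext secret files (seed.txt and wallet.pw); invoices.macaroon at 0600 and the public tls.cert produce nothing. Point it at the real directory (`audit_dir(Path.home() / ".lnget" / "lnd")`) after a test run to see what the skill actually left behind.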
If the publisher updates the registry metadata to declare the required binaries (docker, docker-compose, git, go), and the scripts default to importing least-privilege macaroons or explicitly require signer-only macaroons, my concerns would decrease. If you want, I can list the exact script locations and lines that copy macaroons/seed/password files so you can review or patch them before running.

Like a lobster shell, security has layers — review code before you run it.
latest vk9766xhs60aa1wvvm4chsdtyds80y15e
