ClawHub

LNbits Wallet

Security checks across malware telemetry and agentic risk

Overview

This LNbits skill is mostly coherent, but it handles wallet admin credentials and can send real Lightning payments with safeguards that depend on the agent following instructions.

Install only if you are comfortable giving the assistant access to an LNbits wallet. Use a dedicated low-balance wallet, set LNBITS_BASE_URL explicitly, avoid exposing admin keys in chat or shared logs, and require a clear decoded invoice review plus yes/no confirmation before any payment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill uses environment variables and networked wallet operations but does not declare corresponding permissions, which weakens transparency and policy enforcement around sensitive capabilities. In a financial skill, hidden or undeclared access to secrets and remote services is especially risky because it can lead to unexpected wallet actions or secret handling outside the user's expectations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill description says it manages wallet balance, payments, and invoices, but the instructions also allow creating a new wallet and decoding invoices. In a wallet context, undocumented account creation and invoice parsing expand the operational scope and trust boundary, making it easier for users or hosting systems to underestimate what the skill can do.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The skill description says it manages wallet balance, payments, and invoices, but the CLI also exposes wallet/account creation. This capability mismatch is dangerous because it expands the action surface beyond what users or higher-level agents may expect, enabling unreviewed state-changing operations against the LNbits instance.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The wallet creation flow instructs the assistant to capture and then reveal a newly generated admin key, and recommends placing it in shell configuration or a .env file without strong warnings about secret exposure. Admin keys for a Lightning wallet enable full wallet control, so exposing them in chat output, shell history, or broadly accessible environment files can directly lead to wallet takeover and fund loss.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The pay command performs a real Lightning payment immediately from a provided Bolt11 invoice, with no confirmation, amount preview, or policy check. In an agent setting, this is especially risky because a prompt, tool chain, or untrusted input could trigger irreversible fund transfer without meaningful user consent.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The create command performs a state-changing network action that creates a new LNbits account/wallet without any disclosure or confirmation. Although lower impact than direct payment, it can still cause unauthorized resource creation, operational confusion, or account sprawl when invoked by an agent unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal