ClawHub

nostrwalletconnect

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides Lightning wallet payment powers, but it does not set strong enough approval or spending boundaries for real-money transactions.

Review carefully before installing. Use only a dedicated low-balance wallet or restricted NWC connection, require manual approval for every payment, verify invoice amount and description out of band, and rotate the connection string if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
93% confidence
Finding
This skill grants direct payment capability over Lightning using a secret-bearing NWC connection string, but the invocation scope is described in broad, empowering language rather than with explicit approval gates, permitted use cases, or hard transaction constraints. In a financial skill, unclear scope can lead an agent to autonomously initiate payments in response to ambiguous prompts or social-engineering scenarios, causing unauthorized fund transfers.

Missing User Warnings

High
Confidence
97% confidence
Finding
The example embeds an Nostr Wallet Connect URI containing a wallet pubkey and secret directly in source code. Hardcoded wallet credentials are dangerous because they are easily copied into real deployments, leaked through version control, logs, screenshots, or package distributions, enabling unauthorized wallet access and financial loss.

Missing User Warnings

High
Confidence
91% confidence
Finding
The sample performs a live invoice payment immediately, with no confirmation, preview of amount/recipient, or user warning that this is a real financial action. In a financial skill, code like this can be copied into agent workflows and trigger irreversible payments automatically if an invoice is attacker-supplied or the caller is confused about the consequences.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest explicitly exposes payment-capable wallet functionality, including paying Lightning invoices and creating invoices, but does not include any prominent warning, consent language, or usage constraints about real fund movement. In an AI-agent context, this is dangerous because autonomous or semi-autonomous invocation could trigger irreversible financial transactions if the capability is enabled without clear operator awareness and approval boundaries.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal