nostr-dvms

Fail

Audited by Snyk on Mar 31, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill mandates including the full stringified original job request in result events and verbatim tags (including input tag contents and bolt11 invoices), so any secrets placed in requests would be echoed in outputs, creating a direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow and examples explicitly instruct the agent/service to fetch and process arbitrary public URLs (i.e., ["i","","url"] with fetch(...) in the example) and to subscribe/fetch Nostr events from public relays (wss://...), which are untrusted, user-generated third‑party sources that the agent will read and act on as part of job processing and chaining.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's runtime explicitly fetches arbitrary HTTP(S) input URLs (e.g., fetch(inputTag[1]) such as https://example.com/article) and then injects that fetched content into the summarization flow, meaning external content can directly control model input at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill explicitly defines and requires payment handling as part of its core protocol: it specifies "bid", "amount", and "" tags, describes a payment-required workflow where the customer must "pay the bolt11 invoice OR zap the result event", and the example even calls generateBolt11(1000). "bolt11" and "zap" are Lightning Network (crypto) payment mechanisms. These are specific financial execution primitives (creating invoices and accepting/triggering Lightning payments), not generic APIs or browser automation. Therefore it grants direct financial execution capability.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 31, 2026, 05:26 PM
  • Issues: 4