alby-bitcoin-payments
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands via `npx` to execute the `@getalby/cli` tool for various wallet operations, including `pay-invoice`, `get-balance`, and `make-invoice`. It also includes a `fetch` command for handling HTTP 402 (Payment Required) responses, which allows the agent to pay for and consume external API services.
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the `@getalby/cli` package from the NPM registry. This is the official tool provided by the author (getAlby) and is used to provide the skill's primary functionality for Bitcoin transactions.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive Nostr Wallet Connect (NWC) connection secrets, which are stored in the `~/.alby-cli/` directory or provided via the `NWC_URL` environment variable. While these are high-sensitivity credentials, the skill provides clear instructions to the agent to avoid revealing them in chat or logs, maintaining local-only access.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through the `fetch` and `discover` commands, which ingest content from external servers and the `402index.io` service.
  - Ingestion points: External HTTP responses and service discovery metadata.
  - Boundary markers: None explicitly defined in the instructions for the data returned by external requests.
  - Capability inventory: The agent can perform financial transactions and execute command-line operations using the Alby CLI.
  - Sanitization: No specific sanitization or filtering of retrieved external content is mentioned before it is processed by the agent.
Audit Metadata