auth-signers
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill exposes explicit cryptographic signing APIs (NostrSigner.sign) and a handler for LnZapRequestEvent (decryptZapEvent), and concrete implementations for local key signing (Secp256k1.signSchnorr), remote bunker signers (NIP-46) and external signer apps (NIP-55). Those features are specific to signing/authorizing Nostr events including Lightning "zap" payment requests — i.e., crypto/payment signing capability rather than a generic utility. That meets the "Crypto/Blockchain (Wallets, ... Signing)" criterion for direct financial execution authority.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata