Is jamestsetsekas/lnbits-with-qrcode safe?

https://github.com/openclaw/skills/tree/main/skills/jamestsetsekas/lnbits-with-qrcode

92
SAFE

This LNbits Lightning wallet management skill appears legitimate and safe for its intended purpose. While some sensitive files were accessed during installation, no data exfiltration occurred and the skill implements proper security safeguards including payment confirmation and credential protection.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (2)

MEDIUM Sensitive File Access During Installation -15

During installation, multiple sensitive files were accessed including SSH keys, AWS credentials, Docker config, and other credential files. However, monitoring confirmed no actual data was exfiltrated and all canary files remained intact.

LOW Financial Operation Capabilities -15

This skill can perform financial operations including sending Lightning payments. While proper safeguards are in place (confirmation required, balance checks), users should be aware of the financial risks.