alby-bitcoin-builder
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill includes explicit security instructions for the AI agent to protect Nostr Wallet Connect (NWC) connection strings, specifically forbidding the sharing or logging of these credentials to prevent data exposure.
- [EXTERNAL_DOWNLOADS]: The skill references official NPM packages from the vendor (@getalby/sdk, @getalby/lightning-tools, @getalby/bitcoin-connect) and utilizes a well-known vendor-owned domain (nwc.dev) for end-to-end testing of payments, which is categorized as safe behavior for its intended purpose.
- [SAFE]: Example code provided within the documentation adheres to industry standards for security, such as utilizing .env files for credential storage and using native sub-resource integrity via CDNs like esm.sh.
- [SAFE]: No indicators of obfuscation, unauthorized persistence, or privilege escalation were detected across the analyzed markdown files and configuration scripts.
Audit Metadata