alby-bitcoin-payments-agent-skill
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the
esm.shCDN to load the@getalby/bitcoin-connectlibrary for web-based implementations, which is a standard practice for frontend development. - [EXTERNAL_DOWNLOADS]: Includes functionality to fetch and manage test wallets from
https://faucet.nwc.dev. This is a vendor-supported service specifically designed for safe development and automated end-to-end testing without real funds. - [CREDENTIALS_UNSAFE]: Correctness in security documentation: the skill explicitly identifies Nostr Wallet Connect (NWC) connection strings as sensitive credentials (API keys) and instructs the agent to handle them securely, avoiding logs or exposure.
- [COMMAND_EXECUTION]: Installation instructions leverage standard package management workflows such as
npx skills add, which is the expected method for deploying agent skills. - [DATA_EXPOSURE]: The skill facilitates the processing of payment notifications and transaction data, which is essential for its primary purpose of building Bitcoin-integrated applications.
Audit Metadata