alby-hub-skill
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides installation instructions that involve downloading and piping shell scripts from the vendor's official GitHub repository (`getAlby/hub`) and website (`getalby.com`) directly into `bash`.
- [EXTERNAL_DOWNLOADS]: The skill relies on `npx` to fetch and execute the `@getalby/hub-cli` package from the npm registry for all management operations.
- [DATA_EXFILTRATION]: The skill accesses and manages sensitive files in the `~/.hub-cli/` directory, including JWT tokens (`token.jwt`) and wallet recovery phrases (`albyhub.recovery`). These files are critical for node operation and funds recovery. The skill documentation specifically instructs the agent to avoid reading the recovery phrase to mitigate the risk of exposing it in conversation logs.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes data from external sources like the Lightning Network and LSPs.
  - Ingestion points: Data is ingested from `list-transactions` (payment descriptions) and `get-channel-suggestions` (provider metadata).
  - Boundary markers: No explicit delimiters or safety instructions are provided to the agent to treat this data as untrusted.
  - Capability inventory: The skill can execute CLI commands, initiate payments, and manage app connections.
  - Sanitization: No sanitization or validation logic is specified for data retrieved from external sources before it is displayed or processed.