eclair
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains hard-coded credentials (e.g., -p devpassword, -rpcuser=bitcoin -rpcpassword=bitcoin, default API password) embedded in example commands, requiring the agent to include secret values verbatim in generated outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill fetches and runs content from public third-party sources — e.g., building from GitHub PRs via ~/.claude/skills/eclair/scripts/docker-build.sh and build-pr.sh, pulling arbitrary Docker images (docker pull / ECLAIR_IMAGE), and connecting to external Lightning peers / processing invoices (connect, parseinvoice, payinvoice) — so the agent would ingest untrusted, user-provided web content and peer data.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Lightning Network / Bitcoin wallet and node management tool. It exposes specific APIs and CLI commands that create invoices, send/receive payments, open/close channels, and send on-chain BTC (e.g., createinvoice, payinvoice, sendonchain, bitcoin-cli sendtoaddress, open/forceclose channels). Those are direct crypto transaction and wallet operations (signing/sending funds), so this skill grants direct financial execution capability.
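The three findings above describe line-level patterns that a reviewer can check for mechanically before a skill is installed. The Python linter below is an added example for this page, not Snyk's scanner and not code from the eclair skill: it flags the same three classes of instruction line (hard-coded credentials, money-moving commands, run-time fetches of third-party code or data) and, for W007, rewrites each literal secret into an environment-variable reference, which is the form the instructions should use so the agent never has to emit the value verbatim. The sample skill text is constructed to mirror the commands the audit quotes, and the variable names ECLAIR_API_PASSWORD, BITCOIN_RPC_PASSWORD and SECRET_FROM_ENV are assumptions, not names the skill documents.

```python
"""Heuristic linter for agent skill instructions, modelled on the three
findings in the audit: W007 (hard-coded credentials), W009 (money-moving
commands) and W011 (third-party content fetched or ingested at run time).

Added example, not Snyk's scanner and not eclair's own code. SAMPLE_SKILL is
a constructed instruction file mirroring the command patterns the audit
quotes; the environment variable names used in the redacted output are
assumptions."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    code: str      # W007 / W009 / W011
    line_no: int
    detail: str


# A secret value: optionally quoted, must not start with '$' so an already
# redacted "$ENV_VAR" reference is never flagged (or rewritten) again.
SECRET_TAIL = r"""["']?(?P<secret>[^\s"'$][^\s"']*)["']?"""

# W007 rules: (label, regex whose group 1 is the prefix to keep, replacement).
# "-p" is only treated as a password when the line invokes eclair-cli, so a
# `docker run -p 9735:9735` port mapping is left alone.
CRED_RULES = [
    ("eclair-cli -p", re.compile(r"(eclair-cli\b.*?\s-p\s+)" + SECRET_TAIL), '"$ECLAIR_API_PASSWORD"'),
    ("bitcoin-cli -rpcpassword", re.compile(r"(-rpcpassword=)" + SECRET_TAIL), '"$BITCOIN_RPC_PASSWORD"'),
    ("key=value", re.compile(r"(?i)((?:password|api[_-]?key|token)\s*[:=]\s*)" + SECRET_TAIL), '"$SECRET_FROM_ENV"'),
]

# W009: commands that move funds. 'open' and 'close' are ordinary English
# words, so they only count when the same line invokes eclair-cli.
MONEY_OPS = {"createinvoice", "payinvoice", "sendonchain", "forceclose", "sendtoaddress"}
CHANNEL_OPS = {"open", "close"}

# W011: code or data pulled from outside the skill at run time.
THIRD_PARTY_RULES = [
    (re.compile(r"\bdocker\s+pull\b"), "pulls an external Docker image"),
    (re.compile(r"\bgit\s+(clone|fetch|pull)\b"), "fetches remote code"),
    (re.compile(r"\b(curl|wget)\b.*https?://"), "downloads over HTTP"),
    (re.compile(r"\beclair-cli\b.*\b(connect|parseinvoice)\b"), "ingests peer or invoice data"),
]


def money_ops(line):
    # Strip quotes and URL/path prefixes so `http://host/payinvoice` matches too.
    toks = [t.strip("'\"").rsplit("/", 1)[-1] for t in line.split()]
    hits = [t for t in toks if t in MONEY_OPS]
    if "eclair-cli" in toks:
        hits += [t for t in toks if t in CHANNEL_OPS]
    return hits


def lint_skill(text):
    """Return (findings, redacted_text). Redaction rewrites each literal
    secret as an env-var reference; the remaining findings are reported
    against the redacted line so nothing secret ends up in the report."""
    findings, out = [], []
    for n, line in enumerate(text.splitlines(), 1):
        for label, rx, placeholder in CRED_RULES:
            m = rx.search(line)
            if m:
                findings.append(Finding("W007", n, f"{label}: literal secret {m.group('secret')!r}"))
                line = rx.sub(lambda mm: mm.group(1) + placeholder, line, count=1)
        for op in money_ops(line):
            findings.append(Finding("W009", n, f"money-moving command {op}"))
        for rx, why in THIRD_PARTY_RULES:
            if rx.search(line):
                findings.append(Finding("W011", n, why))
        out.append(line)
    return findings, "\n".join(out)


def summarize(findings):
    return dict(Counter(f.code for f in findings))


SAMPLE_SKILL = """\
# constructed sample mirroring the command patterns quoted in the audit
docker run -d -p 9735:9735 --name eclair "$ECLAIR_IMAGE"
bitcoin-cli -regtest -rpcuser=bitcoin -rpcpassword=bitcoin getblockchaininfo
eclair-cli -p devpassword getinfo
eclair-cli -p devpassword open --nodeId=<peer> --fundingSatoshis=100000
eclair-cli -p devpassword payinvoice --invoice=<bolt11>
bitcoin-cli -regtest -rpcuser=bitcoin -rpcpassword=bitcoin sendtoaddress <address> 0.1
docker pull "$ECLAIR_IMAGE"
eclair-cli -p devpassword connect --uri=<nodeid>@<host>:9735
git fetch origin "pull/<pr-number>/head:pr-branch"
"""

if __name__ == "__main__":
    found, fixed = lint_skill(SAMPLE_SKILL)
    for f in found:
        print(f"{f.code} line {f.line_no}: {f.detail}")
    print(summarize(found))
    print(fixed)
```

Running the block prints one finding per matched line, the per-code totals, and the redacted instructions, in which `-p devpassword` has become `-p "$ECLAIR_API_PASSWORD"` and `-rpcpassword=bitcoin` has become `-rpcpassword="$BITCOIN_RPC_PASSWORD"`; linting the redacted text a second time yields only the W009 and W011 findings, which is the check that the rewrite is complete. Two caveats: the rules are deliberately narrow (a `-p` outside an eclair-cli invocation, or an `open` outside one, is ignored, so a generic secret scanner is still worth running alongside), and for bitcoin-cli the cleaner fix is cookie authentication (`-rpccookiefile`) rather than any password on the command line, which the example does not attempt.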
Audit Metadata