Dangerous action found
executeToolCall (per-tool L402 auto-pay) — every dynamically-registered marketplace tool can auto-pay a real Lightning (L402) invoice from the agent's wallet.
`packages/mcp-bridge/src/tool-handler.ts` · `executeToolCall()` → `l402Client.request()` → `wallet.payInvoice()`:

```ts
return await this.wallet.payInvoice(invoice);
```
Currently: the call runs unguarded; the only precondition on a real-sats payment is the numeric `budgetSats` cap. No named human authorizes the spend before it settles.
Proposed fix — Receipt Required
Wrap the per-tool handler at packages/mcp-bridge/src/server.ts:70 (`async (args) => executeToolCall(tool, args, l402Client)`) with @emilia-protocol/require-receipt, so a verifiable human-authorization receipt for the exact tool + amount is required before the L402 invoice is paid.
Result after patch (RR-1):
Scope: this is a static reference-implementation assessment of a missing human-authorization receipt on one irreversible action, derived from the repository’s public source. It is not a vulnerability report, makes no claim that the action is exploitable, and does not concern authentication or permissions. Maintainer active (last push 2026-06-26); this report is intended to go live alongside a fix PR.