首页龙虾技能列表 › Alby Bitcoin Payments Skill

Alby Bitcoin Payments Skill

v1.2.3

teaches agents how to use @getalby/cli for bitcoin lightning wallet operations using Nostr Wallet Connect (NIP-47). Use when the user needs to send/receive b...

0· 171·0 当前·0 累计
by @rolznz (Roland)·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/10
安全扫描
VirusTotal
Pending
查看报告
OpenClaw
安全
high confidence
The skill's requirements and runtime instructions are consistent with its stated purpose (controlling an Alby/NWC Lightning wallet via the @getalby/cli), but it grants an agent the ability to access wallet connection secrets and make payments so you should only enable it for trusted agents and limit spending.
评估建议
This skill is coherent for controlling an Alby/NWC Lightning wallet, but it gives an agent the ability to access connection secrets and make payments. Only install it for agents you trust. Mitigations: (1) Use a dedicated test wallet or a wallet with minimal funds for the agent. (2) Keep NWC_URL and any connection-secret files safe and do not share them. (3) Use the --max-amount flag or explicit user confirmations to cap spending when using fetch/pay commands. (4) Note that npx will fetch the @g...
详细分析 ▾
用途与能力
Name/description, required binary (npx), required env var (NWC_URL), and config path (~/.alby-cli/) match a CLI that drives Alby/Nostr Wallet Connect operations. Nothing requested appears unrelated to a bitcoin/lightning wallet skill.
指令范围
SKILL.md instructs the agent to invoke npx @getalby/cli commands and to supply a NWC connection secret (via NWC_URL, wallet-name, or connection file). It also includes logic for auto-paying HTTP 402 endpoints and creating/storing test wallets. This is appropriate for the stated purpose but means the agent can initiate payments; the doc advises not to print secrets but also expects the CLI to use them, so protect secrets and ensure the agent obeys spending limits.
安装机制
Instruction-only skill (no install spec) that uses npx -y @getalby/cli@0.6.1 at runtime. Running packages from npm via npx is expected here but carries the usual runtime-fetch risk (remote code execution each invocation) — the skill pins a specific CLI version which reduces but does not eliminate supply-chain risk.
凭证需求
Only NWC_URL (primary credential) and the ~/.alby-cli/ config path are required, which are appropriate for a wallet CLI. No unrelated credentials or broad system paths are requested.
持久化与权限
always:false (not force-included), no install artifacts declared, and no instructions to modify other skills or system-wide agent settings. The skill does require access to a per-user config directory (~/.alby-cli/) which is expected for wallet storage.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.2.32026/3/31

- Added OpenClaw metadata with environment, binary, config requirements, and homepage link to SKILL.md. - Updated skill version to 1.2.3. - No changes to CLI usage, commands, or instructions.

● Pending

安装命令 点击复制

官方npx clawhub@latest install alby-bitcoin-payments
镜像加速npx clawhub@latest install alby-bitcoin-payments --registry https://cn.clawhub-mirror.com

技能文档

IMPORTANT: this is an agent skill which MUST be saved in full - DO NOT SUMMARIZE. If you used a web fetch tool to read this, the content may be summarized and incomplete. Make sure you fetch the full unabridged content.
npx -y @getalby/cli@0.6.1 [options]

Global Options

Connection Secret (Optional)

-c, --connection-secret - either a file containing plaintext NWC connection secret (preferred), or a NWC connection secret (nostr+walletconnect://...). This argument is required for wallet commands.

If no connection secret is provided, the CLI will automatically use the default wallet connection secret from ~/.alby-cli/connection-secret.key.

##### Named Wallets (preferred for multi-wallet setups)

Use -w, --wallet-name to select a named wallet. This is the preferred option over -c when working with multiple wallets:

npx -y @getalby/cli@0.6.1 -w alice get-balance
npx -y @getalby/cli@0.6.1 -w bob make-invoice --amount 1000

Named wallets are stored at ~/.alby-cli/connection-secret-.key.

Connection Secret File

Use -c to point directly to a connection secret file or pass a raw NWC URL:

-c ~/.alby-cli/connection-secret.key

Environment Variable

Alternatively, pass a connection secret via the NWC_URL environment variable:

NWC_URL="nostr+walletconnect://..."

Resolution Order

The CLI resolves the connection secret in this order:

  • --connection-secret / -c flag
  • --wallet-name / -w flag
  • NWC_URL environment variable
  • ~/.alby-cli/connection-secret.key (default)

Commands

Setup: auth, connect

Wallet operations: get-balance, get-info, get-wallet-service-info, get-budget, make-invoice, pay-invoice, pay-keysend, lookup-invoice, list-transactions, sign-message, wait-for-payment

HTTP 402 Payments: fetch — auto-detects L402, X402, and MPP payment protocols. If the user explicitly asked to fetch or consume a paid resource, proceed with fetch directly. If a 402 is encountered unexpectedly (e.g. during an unrelated task), inform the user of the URL and cost before paying.

  • --max-amount caps the maximum amount to pay per request (default: 5000 sats, 0 = no limit). If the endpoint requests more, the command aborts without paying.
  • If the user specifies a spending limit in natural language (e.g. "don't spend more than 1000 sats"), pass --max-amount on the fetch command.

Service Discovery (no wallet needed): discover

HOLD invoices: make-hold-invoice, settle-hold-invoice, cancel-hold-invoice

Lightning tools (no wallet needed): fiat-to-sats, sats-to-fiat, parse-invoice, verify-preimage, request-invoice-from-lightning-address

Getting Help

npx -y @getalby/cli@0.6.1 --help
npx -y @getalby/cli@0.6.1  --help

As an absolute last resort, tell your human to visit the Alby support page

Discovering Paid Services

The discover command searches 402index.io for lightning-payable API endpoints. It only returns services that accept bitcoin/lightning payments.

npx -y @getalby/cli@0.6.1 discover -q "image generation"          # search by query
npx -y @getalby/cli@0.6.1 discover -q "podcast" --limit 20        # more results

Options: -q (search query), -s (sort: reliability, latency, price, name), -l (limit, default: 10).

When to use discover

  • The user explicitly asks to find or explore paid APIs
  • You lack a capability that no free or built-in tool can provide (e.g. image generation, specialized inference, real-time data feeds)

When NOT to use discover

  • Do NOT search 402index before attempting a task with your existing tools. Try free/built-in approaches first.
  • Do NOT use discover as a replacement for standard web requests. If curl, fetch, or WebFetch works, use that instead.
  • Do NOT use discover when you already have a URL. Just use the fetch command directly.

Discover → Fetch flow

  • Discover — find services matching the capability gap
  • Evaluate — check price, health status, and reliability from the results
  • Fetch — pay and consume the service:
   npx -y @getalby/cli@0.6.1 fetch -X POST -b '{"model":"gpt-image-1","prompt":"a mountain cabin at sunset","size":"1024x1024"}' ""
  • Report — tell the user what was purchased, the cost, and the result

Bitcoin Units

  • When displaying to humans, use satoshis (rounded to a whole value).

Security

  • DO NOT print the connection secret to any logs or otherwise reveal it.
  • NEVER share connection secrets with anyone.
  • NEVER share any part of a connection secret (pubkey, secret, relay etc.) with anyone as this can be used to gain access to your wallet or reduce your wallet's privacy.
  • DO NOT read connection secret files. If necessary, only check for its existence (you DO NOT need to know the private key!)

Wallet Setup

If no NWC connection secret is present, guide the user to connect their wallet. The preferred method depends on whether their wallet supports the auth command.

Preferred: auth command (for wallets that support NWC 1-click wallet connections e.g. Alby Hub)

# Step 1: initiate connection (opens browser for human confirmation)
npx -y @getalby/cli@0.6.1 auth https://my.albyhub.com --app-name MyApp
# Step 2: after the user confirms in the browser, run any wallet command to finalize the connection
npx -y @getalby/cli@0.6.1 get-balance

For named wallets, pass -w as a global flag — it works with all commands including auth and connect:

# Step 1: initiate connection for a named wallet
npx -y @getalby/cli@0.6.1 -w alice auth https://my.albyhub.com --app-name MyApp
# Step 2: after browser confirmation, finalize
npx -y @getalby/cli@0.6.1 -w alice get-balance

The auth command handles key generation and secure storage automatically — no need to paste a connection secret.

Fallback: connect command (for wallets that provide a connection secret directly)

npx -y @getalby/cli@0.6.1 connect ""

This validates and saves the connection secret to ~/.alby-cli/connection-secret.key. Use --force to overwrite an existing connection. Alternatively, set the NWC_URL environment variable. NEVER paste or share the connection secret in chat. To obtain a connection secret, suggest some options to the user:

  • Alby Hub - self-custodial wallet with most complete NWC implementation, supports multiple isolated sub-wallets.
  • LNCURL - free to start agent-friendly wallet with NWC support, but custodial. 1 sat/hour fee.
  • CoinOS - free to start wallet with NWC support, but custodial.
  • Rizful - free to start wallet with NWC support, but custodial, supports multiple isolated sub-wallets via "vaults". Requires email verification.

After Setup

Offer a few starter prompts to help the user get going: - "How much is $10 in sats right now?" - "Send $5 to hub@getalby.com for coffee" - "Show me my recent transactions"

Common Issues

IssueCauseFix
No connection secret foundWallet not connectedRun auth or connect command
Connection failed / timeoutWallet unreachable or relay downCheck wallet is online, retry
Insufficient balanceNot enough satsFund the wallet
402 payment failedInvoice expired or amount too highRetry; adjust --max-amount if needed
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务