首页龙虾技能列表 › LNbits Wallet — 技能工具

LNbits Wallet — 技能工具

v1.0.0

[自动翻译] Manage LNbits Lightning Wallet (Balance, Pay, Invoice)

0· 1,620·1 当前·1 累计·💬 2
by @talvasconcelos·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/10
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
The skill mostly matches its stated LNbits wallet purpose, but there are mismatches in metadata and notable risks around handling a powerful Admin API key while the model is allowed to invoke the skill — review the code and adjust invocation/credential scope before installing.
评估建议
Before installing: (1) Confirm the registry metadata is corrected to reflect the required python3 binary and the two env vars declared in SKILL.md. (2) Review the bundled script (scripts/lnbits_cli.py) source to verify it only calls the LNbits API and does not exfiltrate keys or perform unexpected network activity. (3) Prefer using a least-privilege key (a payment/readonly key) instead of an adminkey; if adminkey is required, be aware it allows full wallet control. (4) Prevent autonomous payment...
详细分析 ▾
用途与能力
The SKILL.md, metadata, and the included script all describe LNbits wallet operations and require python3 plus LNBITS_API_KEY and LNBITS_BASE_URL, which is coherent with the claimed purpose. However, the registry summary at the top of the submission incorrectly lists no required env vars or binaries, creating a metadata mismatch that should be resolved.
指令范围
Runtime instructions explicitly tell the assistant to create wallets, capture adminkey/base_url, check balance, decode invoices, and send payments. The SKILL.md includes good safety guidance (never expose secrets, require explicit user confirmation before pay), but it also instructs the assistant to instruct the user to store the adminkey in the agent's config or .env — which elevates scope by creating persistent, high-privilege credentials available to the agent.
安装机制
There is no install spec (instruction-only with a bundled Python script). That is low-risk from an installer perspective, but the bundled script will be executed with python3 at runtime — review the script's source for unexpected behavior before allowing execution.
凭证需求
The skill requires two environment variables (LNBITS_API_KEY and LNBITS_BASE_URL), which are appropriate for an LNbits integration. The concern is that the expected key is the adminkey (full admin key) per the instructions; an adminkey grants broad control of a wallet and is higher privilege than a user-specific key. Requiring/storing an adminkey in the agent environment is a disproportionate privilege unless explicitly justified.
持久化与权限
The skill does not set disableModelInvocation, so the model can invoke it autonomously. Combined with a potentially powerful adminkey stored in the environment, this creates risk that the model could initiate payments or other privileged actions without additional user consent. The SKILL.md requires asking for confirmation before paying, but that is an instruction and not an enforcement mechanism.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/1/29

LNbits version 1.0.0 – Initial Release - Enables wallet management for LNbits Lightning wallets: check balance, pay invoices, create/receive invoices. - Enforces critical security protocols: does not display LNbits secrets and requires explicit user confirmation before sending payments. - Automatically checks wallet balance before any payment attempt. - Provides step-by-step usage instructions for wallet setup, balance checks, receiving, and sending payments. - Summarizes errors clearly without showing raw traces for better user experience.

● 可疑

安装命令 点击复制

官方npx clawhub@latest install lnbits
镜像加速npx clawhub@latest install lnbits --registry https://cn.clawhub-mirror.com

技能文档

Enable the assistant to safely and effectively manage an LNbits Lightning Network wallet.

🛑 CRITICAL SECURITY PROTOCOLS 🛑

  • NEVER Expose Secrets: Do NOT display Admin Keys, User IDs, or Wallet IDs.
  • Explicit Confirmation: You MUST ask for "Yes/No" confirmation before paying.
Format: "I am about to send [Amount] sats to [Memo/Dest]. Proceed? (y/n)"
  • Check Balance First: Always call balance before pay to prevent errors.

Usage

0. Setup / Create Wallet

If the user does not have an LNbits wallet, you can create one for them on the demo server.

python3 {baseDir}/scripts/lnbits_cli.py create --name "My Wallet"

Action:

  • Run the command.
  • Capture the adminkey (Admin Key) and base_url (defaults to https://demo.lnbits.com).
  • IMPORTANT: Instruct the user to save these credentials securely:
> "I've created a new wallet! Please add these to your Moltbot configuration or .env file: > export LNBITS_BASE_URL=https://demo.lnbits.com > export LNBITS_API_KEY="

1. Check Balance

Get the current wallet balance in Satoshis.

python3 {baseDir}/scripts/lnbits_cli.py balance

2. Create Invoice (Receive)

Generate a Bolt11 invoice to receive funds. amount: Amount in Satoshis (Integer). * memo: Optional description.

python3 {baseDir}/scripts/lnbits_cli.py invoice --amount 1000 --memo "Pizza"

3. Pay Invoice (Send)

⚠️ REQUIRES CONFIRMATION: Decode first, verify balance, ask user, then execute.

# Step 1: Decode to verify amount/memo
python3 {baseDir}/scripts/lnbits_cli.py decode 
# Step 2: Pay (Only after user CONFIRMS)
python3 {baseDir}/scripts/lnbits_cli.py pay

Error Handling

If the CLI returns a JSON error (e.g., {"error": "Insufficient funds"}), summarize it clearly for the user. Do not show raw stack traces.

数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务