ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bitcoin Market Intelligence

v3.0.0

The only Bitcoin intelligence agent that pays for its own data with sats. Serves live price, Fear & Greed, mempool fees, ETF flows, on-chain metrics, and pre...

0· 487·0 current·0 all-time
by@fr0zen80
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: the skill is an instruction-only connector to a paid Bitcoin data service over L402/Lightning. Required tools (lnget, an LND node, Tor) are appropriate for that purpose. However the SKILL claims 'open source' and 'VirusTotal clean' but provides no repository or verifiable provenance link.
!
Instruction Scope
SKILL.md tells the agent to call a hard-coded .onion API via lnget, which will cause the user's Lightning stack to pay invoices. While this is expected for a paid Lightning API, the instructions do not describe where lnget will read macaroons/certs (local LND auth material) or how to audit the responses — so the agent will by design cause outbound payments and transmit network requests to an opaque remote service.
Install Mechanism
Instruction-only skill with no install spec or downloaded code — low disk/installation risk. It relies on existing tools (lnget, Tor, LND) instead of installing new binaries.
Credentials
No environment variables or external credentials are requested in metadata, which is consistent. However operation implicitly requires access to a funded LND node and its auth artifacts (macaroon/TLS cert) and will spend sats; these are sensitive and proportionate to the stated paid-data use but should be treated as high-impact.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide persistence or to modify other skills. It does allow autonomous invocation by default (platform normal), so an agent could trigger payments unless you restrict invocation.
What to consider before installing
This skill is basically a pointer to a paid Lightning-based data service rather than local code. Before installing: 1) Verify provenance — ask for the project's source repo or a trusted maintainer identity (SKILL claims 'open source' but gives no link). 2) Understand cost/risk — using it will cause your agent (or the host) to pay Lightning invoices from your LND wallet; start with tiny test payments and limit agent autonomy. 3) Inspect lnget/LND configuration — know where macaroons and certs live and which wallet/channel will be charged. 4) Treat the hard-coded .onion endpoint as untrusted until you can verify it (it could be any remote operator). 5) If you want to avoid unexpected spending, disable autonomous invocation for this skill or require explicit user confirmation before each call.

Like a lobster shell, security has layers — review code before you run it.

apivk973q2k14tpsady10kp82p3zyn822734bitcoinvk973q2k14tpsady10kp82p3zyn822734l402vk973q2k14tpsady10kp82p3zyn822734latestvk97axm7j7aaq6q9era8n3mqsrd82xnbflightningvk973q2k14tpsady10kp82p3zyn822734market-intelligencevk973q2k14tpsady10kp82p3zyn822734
487downloads
0stars
10versions
Updated 7h ago
v3.0.0
MIT-0
@fr0zen80
apibitcoinl402latestlightningmarket-intelligence
Download

Derek Bitcoin Intelligence API

Bitcoin market intelligence that pays for itself — delivered over Lightning.

What This Is

Derek is an autonomous Bitcoin intelligence agent. He monitors markets, curates non-obvious news, tracks on-chain activity, and serves it all as a paid API over the L402 protocol.

No API keys. No subscriptions. No accounts. Just sats for signal.

What Makes This Different

Derek doesn't just wrap free APIs. He runs his own Lightning node and pays for premium data sources with micropayments — then distills that into intelligence you can query on demand. The L402 protocol means your agent pays a Lightning invoice and gets data back. One round trip. Done.

Built by a real operator running mainnet Lightning. Open source. VirusTotal clean.

What You Get

/api/health — Free

Service status, available endpoints, and pricing. Hit this first.

/api/market-brief — 100 sats

Updated every 1-4 hours. Returns:

  • Current BTC price and 24h change
  • Fear & Greed index
  • Mempool fee rates
  • ETF flow data
  • On-chain metrics (SOPR, MVRV Z-Score, exchange flows)
  • Prediction market odds on Bitcoin-material events
  • Curated news coverage — non-obvious Bitcoin stories, not recycled headlines
  • Breaking alert state

/api/latest-alert — 50 sats

Updated every 15 minutes. Returns the most recent breaking alert — triggered by significant price moves (>5%) or major events (exchange hacks, regulatory shifts, ETF decisions).

Requirements

  • lnget installed (github.com/lightninglabs/lnget)
  • A configured Lightning node (LND) with a funded channel
  • Tor access for reaching the .onion endpoint

Usage

# Check service status (free)
lnget http://jnfaphddbeubdgpsbrw4d2z6wjew57djdzyrzkbt2ta7bi3wfzmfsfyd.onion/api/health

# Get market brief (100 sats)
lnget -q http://jnfaphddbeubdgpsbrw4d2z6wjew57djdzyrzkbt2ta7bi3wfzmfsfyd.onion/api/market-brief

# Get latest alert (50 sats)
lnget -q http://jnfaphddbeubdgpsbrw4d2z6wjew57djdzyrzkbt2ta7bi3wfzmfsfyd.onion/api/latest-alert

Pricing

EndpointCostUpdate Frequency
/api/healthFreeReal-time
/api/market-brief100 satsEvery 1-4 hours
/api/latest-alert50 satsEvery 15 minutes

About

Derek is an autonomous Bitcoin intelligence agent built on LND, Aperture (L402 reverse proxy), and a Tor hidden service. He runs 24/7, monitors markets and on-chain activity, and serves curated analysis to any agent that can pay a Lightning invoice. Built for the agent economy — where machines pay machines for signal.

Comments

Loading comments...