ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

lnget: like wget but for L402 on the web

v1.0.0

Install and use lnget, a Lightning-native HTTP client with automatic L402 payment support. Use when downloading files behind Lightning paywalls, managing L402 tokens, checking Lightning backend status, or making HTTP requests that may require micropayments.

0· 1k·0 current·0 all-time
by@roasbeef
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, and the install script all align: the skill installs and documents lnget (github.com/lightninglabs/lnget) and shows how to fetch L402-protected resources, manage tokens, and configure Lightning backends. There are no unrelated binaries or unexplained dependencies.
!
Instruction Scope
The SKILL.md instructs running the included install.sh and many lnget commands that interact with local Lightning backends (lnd, LNC, neutrino), read/write config and token files in the user's home (~/.lnget), and perform payments. It also references LNGET_ environment overrides. While this is expected for a Lightning client, these instructions can read local wallet artifacts (macaroon, tls cert) and initiate payments — actions beyond a simple HTTP client and potentially risky if executed without user oversight.
Install Mechanism
install.sh simply runs 'go install github.com/lightninglabs/lnget/cmd/lnget@latest' after checking for Go. This uses a well-known source (GitHub) and does not download random archives or call unknown servers. Risk from installation is low but standard caveats about fetching code from upstream apply.
Credentials
The skill declares no required env vars, but the SKILL.md documents LNGET_ environment overrides and references local LND macaroon/tls paths and pairing phrases. Access to these credentials is proportionate to lnget's purpose (it must talk to a Lightning backend and sign/pay invoices), but they are sensitive — the SKILL.md does not declare them as required, so users should be aware the tool will look at local wallet files if configured.
!
Persistence & Privilege
The skill does not set always:true and does not modify other skills. However, lnget's default behaviors include auto-pay (auto_pay: true in examples) and persistent token storage under ~/.lnget/tokens; combined with the platform's normal autonomous invocation capability, this means an agent that invokes the skill could cause real micropayments if not constrained. This is expected functionally but carries financial risk and deserves explicit user controls (max-cost, --no-pay) before allowing autonomous runs.
Assessment
This skill appears to do what it claims (install and run lnget), but it will interact with your local Lightning node and can make micropayments. Before installing or letting an agent invoke it autonomously: 1) Inspect the upstream repo (github.com/lightninglabs/lnget) and the exact version you will install. 2) Run the install script manually in a controlled environment so you can verify behavior. 3) Review and tighten lnget configuration: set sensible LNGET_L402_MAX_COST_SATS / --max-cost, set auto_pay=false or use --no-pay for testing, and consider using ephemeral pairing rather than storing long-lived macaroons. 4) Protect your ~/.lnd macaroon and tls cert files; do not expose them to untrusted agents. 5) If you will allow autonomous agent use, restrict its budget/permissions or disable auto-pay to avoid unexpected spending.

Like a lobster shell, security has layers — review code before you run it.

latestvk976zxa4d57pfy2vnyhjjscq8180y605
1kdownloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@roasbeef
latest
Download

lnget - Lightning-Native HTTP Client

lnget is a wget/curl-like CLI that natively handles L402 (Lightning HTTP 402) authentication. When a server responds with HTTP 402 and an L402 challenge, lnget automatically pays the Lightning invoice and retries with the paid token.

Source: github.com/lightninglabs/lnget

Quick Start

# 1. Install lnget
skills/lnget/scripts/install.sh

# 2. Initialize config (auto-detects local lnd)
lnget config init

# 3. Fetch an L402-protected resource
lnget --max-cost 1000 https://api.example.com/paid-data

Installation

skills/lnget/scripts/install.sh

This will:

  • Verify Go is installed
  • Run go install github.com/lightninglabs/lnget/cmd/lnget@latest
  • Verify lnget is on $PATH

To install manually:

go install github.com/lightninglabs/lnget/cmd/lnget@latest

Or build from source:

git clone https://github.com/lightninglabs/lnget.git
cd lnget
make install

Basic Usage

Downloads

# Fetch URL (output to stdout)
lnget https://api.example.com/data.json

# Save to file
lnget -o data.json https://api.example.com/data.json

# Quiet mode for piping
lnget -q https://api.example.com/data.json | jq .

# Resume partial download
lnget -c -o largefile.zip https://api.example.com/largefile.zip

# Custom HTTP method with data
lnget -X POST -d '{"query":"test"}' https://api.example.com/search

# Custom headers
lnget -H "Accept: text/plain" https://api.example.com/data

Payment Control

# Set maximum auto-pay amount (satoshis)
lnget --max-cost 5000 https://api.example.com/expensive.json

# Set maximum routing fee
lnget --max-fee 50 https://api.example.com/data.json

# Preview without paying (shows 402 challenge details)
lnget --no-pay https://api.example.com/data.json

# Custom payment timeout
lnget --payment-timeout 120s https://api.example.com/data.json

Output Modes

# JSON output (default, best for programmatic use)
lnget --json https://api.example.com/data.json

# Human-readable output
lnget --human https://api.example.com/data.json

# Verbose mode (shows L402 flow details)
lnget -v https://api.example.com/data.json

# Disable progress bar
lnget --no-progress -o file.zip https://api.example.com/file.zip

Subcommands

Token Management (lnget tokens)

Tokens are cached per-domain at ~/.lnget/tokens/<domain>/token.json and reused automatically on subsequent requests.

# List all cached tokens
lnget tokens list

# Show token for a specific domain
lnget tokens show api.example.com

# Remove token for a domain (forces re-authentication)
lnget tokens remove api.example.com

# Clear all tokens
lnget tokens clear --force

Configuration (lnget config)

# Initialize config file at ~/.lnget/config.yaml
lnget config init

# Show current configuration
lnget config show

# Show config file path
lnget config path

Lightning Backend (lnget ln)

# Check backend connection status
lnget ln status

# Show detailed node info
lnget ln info

LNC (Lightning Node Connect)

# Pair with a node via LNC pairing phrase
lnget ln lnc pair "your-pairing-phrase"

# Ephemeral pairing (no session persistence)
lnget ln lnc pair "phrase" --ephemeral

# List saved LNC sessions
lnget ln lnc sessions

# Revoke a session
lnget ln lnc revoke <session-id>

Neutrino (Embedded Wallet)

# Initialize embedded neutrino wallet
lnget ln neutrino init

# Get address to fund wallet
lnget ln neutrino fund

# Check wallet balance
lnget ln neutrino balance

# Show sync status
lnget ln neutrino status

Configuration File

Config lives at ~/.lnget/config.yaml. Run lnget config init to create it.

Note: lnget config init may generate incorrect YAML key names (e.g., tlscertpath and macaroonpath instead of tls_cert and macaroon) due to missing yaml struct tags in the lnget source. Use the example below as the reference config format. If your config was generated by lnget config init, verify the ln.lnd keys match the format shown here.

l402:
  max_cost_sats: 1000       # Max invoice to auto-pay
  max_fee_sats: 10           # Max routing fee
  payment_timeout: 60s       # Payment timeout
  auto_pay: true             # Enable auto-payment

http:
  timeout: 30s
  max_redirects: 10
  user_agent: "lnget/0.1.0"
  allow_insecure: false

ln:
  mode: lnd                  # Options: lnd, lnc, neutrino
  lnd:
    host: localhost:10009
    tls_cert: ~/.lnd/tls.cert
    macaroon: ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
    network: mainnet

output:
  format: json
  progress: true
  verbose: false

tokens:
  dir: ~/.lnget/tokens

Environment variables override config with LNGET_ prefix:

export LNGET_L402_MAX_COST_SATS=5000
export LNGET_LN_MODE=lnc
export LNGET_LN_LND_HOST=localhost:10009

Exit Codes

CodeMeaning
0Success
1General error
2Payment exceeds max cost
3Payment failed
4Network/connection error

L402 Flow

When lnget encounters a 402 response:

  1. Parses WWW-Authenticate: L402 macaroon="...", invoice="..." header
  2. Decodes the macaroon and BOLT11 invoice
  3. Checks invoice amount against --max-cost
  4. Stores a pending token (crash recovery)
  5. Pays the invoice via the configured Lightning backend
  6. Stores the paid token with preimage at ~/.lnget/tokens/<domain>/
  7. Retries the request with Authorization: L402 <macaroon>:<preimage>

Subsequent requests to the same domain reuse the cached token without payment.

Agent Integration Patterns

Budget-Aware Fetching

# Check cost before committing
result=$(lnget --no-pay --json https://api.example.com/data.json)
cost=$(echo "$result" | jq -r '.invoice_amount_sat // 0')

if [ "$cost" -le "$BUDGET" ]; then
    lnget --max-cost "$BUDGET" -q https://api.example.com/data.json
fi

Parsing JSON Output

# Extract just the response body
lnget --json -q https://api.example.com/data.json | jq '.body'

# Check if payment was required
lnget --json https://api.example.com/data.json | jq '.l402_paid'

Testing with Insecure Connections

# For local development with aperture (no TLS)
lnget -k https://localhost:8081/api/data

File Locations

PathPurpose
~/.lnget/config.yamlConfiguration file
~/.lnget/tokens/<domain>/Per-domain token storage
~/.lnget/lnc/sessions/LNC session persistence
~/.lnget/neutrino/Embedded wallet data

Comments

Loading comments...