ClawHub

Mutinynet CLI

v0.1.1

Interact with the Mutinynet Bitcoin testnet faucet. Get testnet bitcoin on-chain, pay lightning invoices, open lightning channels, and generate bolt11 invoic...

0· 97·0 current·0 all-time
by@benthecarman
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Mutinynet faucet CLI) match the included source and SKILL.md: the binary talks to faucet.mutinynet.com, implements onchain/lightning/channel/bolt11 flows, and performs GitHub device-flow login. The manifest and code reference the expected GitHub and faucet endpoints; nothing unrelated (no cloud provider keys, no system-level credentials) is requested.
Instruction Scope
SKILL.md instructions are narrow and consistent: install via cargo or download a release, run mutinynet-cli login to perform GitHub device flow, then use commands that call the faucet API. The instructions reference a token stored at ~/.mutinynet/token and optional env vars (MUTINYNET_FAUCET_URL / MUTINYNET_FAUCET_TOKEN) which the code actually respects. The instructions do not ask the agent to read unrelated files or exfiltrate data.
Install Mechanism
There is no platform install spec in the registry (instruction-only), but SKILL.md recommends installing via cargo or using GitHub Releases. Installing from source via cargo is normal; if using prebuilt releases, verify release artifacts and the publisher. No opaque download URLs or extract/install scripts are embedded in the skill bundle.
Credentials
The registry lists no required env vars, and the code only uses MUTINYNET_FAUCET_URL and MUTINYNET_FAUCET_TOKEN (and falls back to a token file). Requesting/storing a faucet JWT in ~/.mutinynet/token is proportionate to the CLI's purpose. Users should note the token is written unencrypted to the home directory, and the GitHub device flow requests limited scope (user:email).
Persistence & Privilege
The skill is not always-on, does not request elevated privileges, and only writes its own token file (~/.mutinynet/token). It does not modify other skills or system-wide agent settings. Autonomous invocation is enabled by default but not combined with other red flags.
Assessment
This skill appears to do exactly what it says: a CLI that talks to faucet.mutinynet.com and uses GitHub device-flow for login. Before installing, verify you trust the Mutinynet faucet and the GitHub repo/releases (inspect release binaries or build from source with cargo). Be aware the tool stores a faucet JWT unencrypted at ~/.mutinynet/token and that network calls are made to the faucet and to GitHub during login. If you don't trust the faucet URL or prebuilt binaries, build from source and review the code (the included source matches the documented behavior). If you want extra caution, set MUTINYNET_FAUCET_URL to a vetted endpoint or avoid saving tokens on disk.

Like a lobster shell, security has layers — review code before you run it.

latestvk9784emt8ftq5ecs37myww39n9832bnp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments