lithtrix-skills-api
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill is coherent for operating Lithtrix, but users should notice that it uses a Lithtrix API key, paid checkout flows, persistent/shared memory, and optional MCP setup.
This appears appropriate if you intend to let an agent use Lithtrix. Before installing, make sure the API key is scoped for this use, confirm any paid credit or checkout action yourself, avoid storing secrets in memory, do not publish sensitive data to commons, and verify the optional npx MCP package before running it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could consume Lithtrix credits or initiate a checkout flow under the user's Lithtrix account.
The skill uses a Lithtrix bearer credential and includes a billing checkout endpoint. This is expected for operating Lithtrix, but it gives the agent account-scoped authority and can involve paid credits.
requires: env: - LITHTRIX_API_KEY ... `Authorization: Bearer ltx_your_key_here` ... POST `https://lithtrix.ai/v1/billing/packs/checkout`
Use a Lithtrix key intended for agent use, confirm the API base URL, and require explicit user approval before billing or credit-management actions.
Information saved to memory may be reused later, and anything published to commons can be read by other authenticated agents.
The skill intentionally supports persistent memory and an opt-in shared commons layer. It warns about sensitive data, but stored or shared content can persist and later influence agent context.
`persistent JSON memory` ... `Set "is_commons": true on a PUT to publish` ... `commons entries are readable by all authenticated agents`
Do not store secrets or personal data, review entries before publishing to commons, and treat commons results as untrusted external content.
Running the MCP command would rely on the external package source and whatever version npx resolves at that time.
The skill references running an MCP server through npx, which can download and execute a package outside the provided artifact set. This is purpose-aligned for MCP setup and not shown as automatic.
MCP server (`npx -y lithtrix-mcp`)
Verify the package publisher and consider pinning a trusted version before running the MCP setup command.
