ClawHub

Satgate

v2.0.0

Manage your API's economic firewall from the terminal. Mint tokens, check status, validate tokens, wrap agent commands. The server-side counterpart to lnget.

0· 154·0 current·0 all-time
by@wmattadeen-gif

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wmattadeen-gif/satgate-cli.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Satgate" (wmattadeen-gif/satgate-cli) from ClawHub.
Skill page: https://clawhub.ai/wmattadeen-gif/satgate-cli
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install satgate-cli

ClawHub CLI

Package manager switcher

npx clawhub@latest install satgate-cli
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (manage API tokens, mint/validate, wrap agent commands) align with the included scripts and SKILL.md. The install script downloads a satgate-cli binary and the configure/health scripts operate on ~/.satgate/config.json — all consistent with the stated purpose.
Instruction Scope
SKILL.md stays on-topic (init, status, mint, token validate, wrap). Important operational detail: 'wrap' starts a local HTTP proxy that injects a bearer token into every outbound request — powerful but consistent with the described functionality. No instructions request unrelated files or credentials.
Install Mechanism
Installer downloads release binaries from GitHub releases (github.com/SatGate-io/satgate-cli), attempts SHA256 verification, and installs to /usr/local/bin (sudo if needed). Using GitHub releases is an acceptable install source; the script will skip verification if SHA256SUMS is unavailable which reduces assurance — user should verify checksums or build from source if concerned.
Credentials
The skill logically needs a SATGATE_API_KEY / SATGATE_CLOUD_URL / SATGATE_TOKEN, and SKILL.md documents these, but the registry metadata lists no required env vars or primary credential. That metadata omission is an inconsistency users should be aware of (the skill will ask for an API key interactively and/or read env vars, and stores it in ~/.satgate/config.json).
Persistence & Privilege
Skill is not always-enabled, does not request elevated platform privileges beyond installing a CLI to a system path (may require sudo), and only writes its own config under the user's home directory. No evidence it modifies other skills or system-wide agent settings.
Assessment
This skill appears to do what it says, but take these precautions before installing: 1) Verify the GitHub repo (SatGate-io/satgate-cli) and release tag match the published project and homepage; 2) Prefer checksum verification or build from source if the install script can't fetch SHA256SUMS; 3) Installing to /usr/local/bin may require sudo — review the binary before executing it; 4) Understand that 'satgate-cli wrap' launches a local HTTP proxy that will inject your SatGate token into all outbound HTTP requests — only run it for trusted agent code and keep API keys/tokens private; 5) The registry metadata omitted required env var declarations (SATGATE_API_KEY, SATGATE_CLOUD_URL, SATGATE_TOKEN), so expect interactive prompts and a config file at ~/.satgate/config.json (script sets chmod 600). If you have any doubt, inspect or build the satgate-cli binary from source before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk970c020dexj8btb5e9y9vwrj5834bjz
154downloads
0stars
1versions
Updated 1mo ago
v2.0.0
MIT-0
@wmattadeen-gif
latest
Download

SatGate CLI

SatGate CLI manages API access and token governance for the agent economy. Use it when you need to control what agents can access, mint capability tokens, and run agents through SatGate's budget-enforced proxy.

They're the wallet. We're the register.

If the agent needs to pay for L402 APIs, install lnget from Lightning Labs. SatGate is for the server side — enforcement, attribution, and governance.

Setup

Run scripts/configure.sh for interactive setup, or satgate-cli init to configure via the CLI directly.

# Interactive CLI setup (connects to SatGate Cloud)
satgate-cli init

Or set environment variables:

# For SatGate Cloud
export SATGATE_CLOUD_URL=https://cloud.satgate.io
export SATGATE_API_KEY=sg_your_api_key

Always run satgate-cli status first to confirm you're connected to the right tenant.

Safety Rules

  1. Check target first — run satgate-cli status before any operation to verify tenant and plan.
  2. Validate before trusting — use satgate-cli token validate to verify any token.
  3. Wrap agents for enforcement — use satgate-cli wrap to route agent traffic through SatGate.

Commands

Interactive setup

satgate-cli init    # Configure Cloud URL, API key, validate, save to ~/.satgate/config.json

Check gateway status

satgate-cli status    # Tenant info, plan, request count, blocked count, total spend, active agents

Mint a token for an agent

# Mint via Identity Provider → SatGate Mint exchange
satgate-cli mint --subject "my-agent"

# With custom audience
satgate-cli mint --subject "my-agent" --audience "satgate"

The mint flow: CLI gets a JWT from the configured Identity Provider, then exchanges it with SatGate Mint for a macaroon token with embedded policy and budget.

Validate a token

satgate-cli token validate <macaroon-token>

Wrap an agent command through SatGate proxy

# Run any command with SatGate as HTTP proxy — injects token automatically
satgate-cli wrap --token <macaroon> -- python my_agent.py
satgate-cli wrap --token <macaroon> --gateway https://gw.example.com -- node agent.js
satgate-cli wrap --token <macaroon> -- curl https://api.openai.com/v1/chat/completions

The wrap command starts a local HTTP proxy that injects the SatGate Bearer token into every outbound request. Set SATGATE_TOKEN env var as an alternative to --token.

Version

satgate-cli version    # Show version, commit, build date

Common Workflows

"New agent needs API access"satgate-cli mint --subject "agent-name"

"Is the gateway healthy?"satgate-cli status

"Run an agent through SatGate"satgate-cli wrap --token <token> -- python my_agent.py

"Verify a token is valid"satgate-cli token validate <token>

MCP Bridge (for Cursor / Claude Code)

To connect MCP clients like Cursor or Claude Code to SatGate's budget-enforced proxy, use the npm bridge:

{
  "mcpServers": {
    "satgate": {
      "command": "npx",
      "args": ["-y", "satgate-mcp-bridge"],
      "env": {
        "SATGATE_URL": "https://satgate-mcp-saas.fly.dev",
        "SATGATE_TOKEN": "your-token-here"
      }
    }
  }
}

Get your token from cloud.satgate.io/cloud/mcp/connect.

Pairing with lnget

SatGate (server-side) + lnget (client-side) = complete agent commerce stack.

  • lnget: Agents pay for L402-gated APIs automatically
  • SatGate CLI: Operators mint tokens, validate access, wrap agent commands

An agent using lnget hits your SatGate-protected endpoint → SatGate enforces the budget and attributes the cost.

Comments

Loading comments...