Agent Backlink Network

What to consider before installing and using this skill: - The code legitimately requires a Nostr private key (nsec) to sign and publish events and optionally a Lightning API key/config for payments. The registry metadata did NOT declare these required credentials — do not assume no secrets are needed. - If you try it, use a throwaway/agent-specific Nostr keypair (not your personal/multi-use key) so you don't expose a critical identity if something goes wrong. The SKILL.md and code instruct saving nsec in .secrets/nostr.json or NOSTR_PRIVATE_KEY. - For Lightning, prefer a wallet/provider account with limited privileges (e.g., an invoice-only key or a separate agent wallet) rather than your primary funds. Review .secrets/lightning.json usage in src/lightning.js to understand which API keys are needed and what they can do. - The skill will publish events to public Nostr relays you can't control. Anything you register (site info, bids) is publicly broadcast. Do not include private contact details or credentials in registrations or messages. - The verify flow crawls partner pages (network requests). If you run verification in an environment with elevated network or file access, consider isolating it (container or restricted VM). - Review the included source files yourself (or have a developer review them) before providing secrets. The code is readable and matches the described functionality, but the metadata omission is a red flag for sloppy packaging and could confuse non-technical users. - If you want to proceed safely: (1) run in an isolated agent environment, (2) use ephemeral/test keys, (3) audit the lightning provider permissions, and (4) consider limiting the skill's autonomous invocation or requiring explicit user confirmation before publishing or paying.