ClawHub

Lightningprox

v1.4.0

Pay-per-use AI gateway via Bitcoin Lightning. No API keys, no account — pay sats, get inference. Supports Anthropic (claude-opus-4-5-20251101, claude-sonnet-...

0· 757·2 current·2 all-time
by@unixlamadev-spec
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description advertise a Lightning-pay AI gateway. The only required env var is LIGHTNINGPROX_SPEND_TOKEN (used for the 'spend token' flow). Declared network access (lightningprox.com) matches the purpose. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to POST requests to lightningprox.com using either an X-Spend-Token header or the L402 payment flow (receiving an invoice, paying from a Lightning wallet, then retrying with an Authorization header). Those instructions are within scope for a pay-per-request gateway. Note: runtime behavior will send user prompts to an external third party and can incur real Lightning payments; this is expected but has privacy and cost implications.
Install Mechanism
Instruction-only skill with no install spec, no downloads, and no code files to execute — lowest installation risk. The README suggests an optional npm package (lightningprox-openai); installing that package is separate and should be reviewed before use.
Credentials
Only LIGHTNINGPROX_SPEND_TOKEN is declared as required, which is appropriate for the spend-token authentication flow. No additional secrets or unrelated env vars are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated persistent privileges or modify other skills. Autonomous invocation remains possible (platform default) but is not a special property of this skill.
Assessment
This skill is internally consistent for a Lightning-pay AI gateway, but before installing consider: (1) Privacy — every prompt and any uploaded image will be sent to lightningprox.com and logged by that operator; (2) Costs — the L402 flow requires paying Bolt11 invoices from your Lightning wallet and the spend token will be used to draw down prepaid balance; (3) Secrets — keep LIGHTNINGPROX_SPEND_TOKEN secret and avoid placing it in shared environments; (4) Autonomy — if you allow autonomous agent invocation, it could make paid requests without prompting you; consider restricting or auditing calls. Also review the optional npm package (lightningprox-openai) on its registry to confirm it's trustworthy before installing. If you need higher assurance, request the provider's source code, privacy policy, or an audited client library before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97670w2gvtr2ebgfv2z452w6x846s2n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
EnvLIGHTNINGPROX_SPEND_TOKEN

Comments