Description

Bake, inspect, and manage lnd macaroons for least-privilege agent access. Use when an agent needs scoped credentials — pay-only, invoice-only, read-only, or custom permissions. Also covers signer macaroon scoping and macaroon rotation.

README (SKILL.md)

Macaroon Bakery

Name: lnd macaroon bakery
Author: roasbeef

Bake custom lnd macaroons so every agent gets only the permissions it needs. Never hand out admin.macaroon in production — bake a scoped one instead.

Quick Start

# Bake a pay-only macaroon
skills/macaroon-bakery/scripts/bake.sh --role pay-only

# Bake an invoice-only macaroon
skills/macaroon-bakery/scripts/bake.sh --role invoice-only

# Bake a read-only macaroon
skills/macaroon-bakery/scripts/bake.sh --role read-only

# Inspect any macaroon
skills/macaroon-bakery/scripts/bake.sh --inspect ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon

# List all available lnd permissions
skills/macaroon-bakery/scripts/bake.sh --list-permissions

Docker

The litd container is auto-detected. You can also specify --container:

# Auto-detect litd container (default)
skills/macaroon-bakery/scripts/bake.sh --role pay-only

# Explicit container
skills/macaroon-bakery/scripts/bake.sh --role pay-only --container litd

# Inspect a macaroon inside a container
skills/macaroon-bakery/scripts/bake.sh --inspect /root/.lnd/data/chain/bitcoin/testnet/admin.macaroon --container litd

Remote Nodes

To bake macaroons on a remote lnd node, provide the connection credentials:

# Bake a pay-only macaroon on a remote node
skills/macaroon-bakery/scripts/bake.sh --role pay-only \
    --rpcserver remote-host:10009 \
    --tlscertpath ~/remote-tls.cert \
    --macaroonpath ~/remote-admin.macaroon \
    --save-to ~/remote-pay-only.macaroon

You need lncli installed locally and copies of the node's TLS cert and a macaroon with macaroon:generate permission (typically admin.macaroon).

Preset Roles

Role	What the agent can do	Cannot do
`pay-only`	Pay invoices, decode invoices, get node info	Create invoices, open channels, see balances
`invoice-only`	Create invoices, lookup invoices, get node info	Pay, open channels, see wallet balance
`read-only`	Get info, balances, list channels/peers/payments	Pay, create invoices, open/close channels
`channel-admin`	All of read-only + open/close channels, connect peers	Pay invoices, create invoices
`signer-only`	Sign transactions, derive keys (for remote signer)	Everything else

Baking Custom Macaroons

For permissions not covered by presets, bake a custom macaroon:

# Custom: agent can only pay and check wallet balance
skills/macaroon-bakery/scripts/bake.sh --custom \
    uri:/lnrpc.Lightning/SendPaymentSync \
    uri:/lnrpc.Lightning/DecodePayReq \
    uri:/lnrpc.Lightning/WalletBalance \
    uri:/lnrpc.Lightning/GetInfo

# Custom with explicit output path
skills/macaroon-bakery/scripts/bake.sh --custom \
    uri:/lnrpc.Lightning/AddInvoice \
    uri:/lnrpc.Lightning/GetInfo \
    --save-to ~/my-agent.macaroon

Discovering Permissions

# List all available URI permissions
skills/macaroon-bakery/scripts/bake.sh --list-permissions

# Filter for specific service
skills/macaroon-bakery/scripts/bake.sh --list-permissions | grep -i invoice

# Filter for routing-related permissions
skills/macaroon-bakery/scripts/bake.sh --list-permissions | grep -i router

Inspecting Macaroons

# See what permissions a macaroon has
skills/macaroon-bakery/scripts/bake.sh --inspect \x3Cpath-to-macaroon>

# Inspect the admin macaroon to see full permissions
skills/macaroon-bakery/scripts/bake.sh --inspect ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon

Signer Macaroon Scoping

When using the lightning-security-module skill, the credentials bundle includes admin.macaroon by default. For production, bake a signing-only macaroon on the signer machine:

# On the signer container
skills/macaroon-bakery/scripts/bake.sh --role signer-only \
    --container litd-signer --rpc-port 10012

# Or on a native signer
skills/macaroon-bakery/scripts/bake.sh --role signer-only \
    --rpc-port 10012 --lnddir ~/.lnd-signer

# Then re-export the credentials bundle with the scoped macaroon

Macaroon Rotation

Rotate macaroons regularly to limit the window if one is compromised:

# 1. Bake a new macaroon with the same role
skills/macaroon-bakery/scripts/bake.sh --role pay-only --save-to ~/pay-only-v2.macaroon

# 2. Update your agent config to use the new macaroon

# 3. Delete the old macaroon's root key (invalidates it)
skills/lnd/scripts/lncli.sh bakemacaroon --root_key_id 0
# Note: use lncli listmacaroonids and deletemacaroonid for fine-grained control

Best Practices

One macaroon per agent role. Don't share macaroons between agents with different responsibilities.
Never use admin.macaroon in production. It's the master key.
Inspect before deploying. Always verify what a baked macaroon can do.
Rotate on a schedule. Monthly for production, immediately if compromised.
Scope signer macaroons too. The remote signer's credentials bundle should use signer-only, not admin.
Store with 0600 permissions. Macaroons are bearer tokens — treat like passwords.

Common Permission URIs

Permission	Description
`uri:/lnrpc.Lightning/GetInfo`	Node info (version, pubkey, sync status)
`uri:/lnrpc.Lightning/WalletBalance`	On-chain wallet balance
`uri:/lnrpc.Lightning/ChannelBalance`	Lightning channel balance
`uri:/lnrpc.Lightning/ListChannels`	List open channels
`uri:/lnrpc.Lightning/ListPeers`	List connected peers
`uri:/lnrpc.Lightning/SendPaymentSync`	Pay a Lightning invoice
`uri:/lnrpc.Lightning/DecodePayReq`	Decode a BOLT11 invoice
`uri:/lnrpc.Lightning/AddInvoice`	Create a Lightning invoice
`uri:/lnrpc.Lightning/LookupInvoice`	Look up an invoice by hash
`uri:/lnrpc.Lightning/ListInvoices`	List all invoices
`uri:/lnrpc.Lightning/ListPayments`	List all payments
`uri:/lnrpc.Lightning/ConnectPeer`	Connect to a peer
`uri:/lnrpc.Lightning/OpenChannelSync`	Open a channel
`uri:/lnrpc.Lightning/CloseChannel`	Close a channel
`uri:/signrpc.Signer/SignOutputRaw`	Sign a transaction output
`uri:/signrpc.Signer/ComputeInputScript`	Compute input script for signing
`uri:/signrpc.Signer/MuSig2Sign`	MuSig2 signing
`uri:/walletrpc.WalletKit/DeriveKey`	Derive a key
`uri:/walletrpc.WalletKit/DeriveNextKey`	Derive next key in sequence

Usage Guidance

This skill appears to do what it claims (bake and inspect lnd macaroons), but exercise caution before installing and running it: 1) The metadata omits required binaries — ensure lncli is installed and accessible; the script also calls docker and jq in some flows. 2) The script reads and may copy highly sensitive macaroon files (including admin.macaroon). Only run it on trusted machines, provide minimal credentials (use a scoped macaroon for baking whenever possible), and verify the SAVE_TO path and file permissions (store macaroons as 0600). 3) Review the full bake.sh script yourself (or in a secure environment) before use—the owner is unknown. 4) When operating on remote nodes, be careful with --macaroonpath and --tlscertpath; avoid transmitting admin macaroons to untrusted hosts. If you want to proceed, ask the maintainer to update the skill metadata to list required binaries (lncli, jq, docker) and provide checks for those dependencies.

Capability Analysis

Type: OpenClaw Skill Name: lnd-macaroon-bakery Version: 1.0.0 This skill bundle provides tools to bake, inspect, and manage LND macaroons, which is a security-focused task aimed at implementing least-privilege access. The `SKILL.md` documentation clearly outlines the purpose and usage, with no evidence of prompt injection or instructions for malicious actions. The `scripts/bake.sh` script correctly uses `lncli` to perform macaroon operations, handles arguments with proper quoting, and includes security best practices like setting restrictive file permissions (chmod 600). While it utilizes powerful commands like `docker exec` and `docker cp`, these are used for their intended purpose of interacting with LND nodes running in containers or remotely, without any indication of malicious intent such as data exfiltration, persistence, or unauthorized command execution.

Capability Assessment

⚠ Purpose & Capability

The skill is for baking and inspecting lnd macaroons and the included script implements that. However, the registry metadata declares no required binaries or environment variables, while the script clearly requires lncli (mandatory), and uses docker and jq in common flows. The omitted dependencies in metadata are an incoherence and could lead to silent failures or unexpected behavior.

ℹ Instruction Scope

SKILL.md and the script instruct the agent to read, copy, and inspect macaroon files (including admin.macaroon) and TLS certs, and to copy files into/out of containers. These actions are necessary for the stated purpose but operate on highly sensitive bearer tokens; the instructions do not add unrelated file/system access. The documentation explicitly recommends using admin.macaroon only for baking and warns not to use it in production — appropriate, but risky if the user follows examples that inspect or copy admin.macaroon without strong safeguards.

✓ Install Mechanism

This is an instruction-only skill with a shell script; there is no network download or install step. That keeps install risk low. (Note: the script relies on external binaries but does not install them itself.)

ℹ Credentials

The skill does not request secrets or environment variables in metadata, which is good. In practice the script uses/accepts paths to TLS certs and macaroons (user-supplied) and may rely on LND_DIR, NETWORK, and other shell env vars. The credential access it needs (macaroon files, TLS certs) is proportional to its purpose, but the metadata should have declared lncli/jq/docker as required binaries so users understand what will be accessed/executed.

✓ Persistence & Privilege

always is false and the skill is user-invocable; it does not request persistent or platform-wide privileges, nor does it modify other skill configs. No elevated persistence behavior was found in the provided files.

Version History

v1.0.0

Initial release of lnd-macaroon-bakery. - Bake least-privilege lnd macaroons for pay-only, invoice-only, read-only, channel-admin, and signer-only roles. - Inspect macaroons to verify permissions before use. - Supports custom permission sets for fine-grained access control. - Works with local, Docker, and remote lnd nodes. - Features macaroon rotation and signer macaroon scoping (for lightning-security-module). - Includes guidance and best practices to avoid using `admin.macaroon` in production.

Metadata

Slug lnd-macaroon-bakery

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is lnd macaroon bakery?

Bake, inspect, and manage lnd macaroons for least-privilege agent access. Use when an agent needs scoped credentials — pay-only, invoice-only, read-only, or custom permissions. Also covers signer macaroon scoping and macaroon rotation. It is an AI Agent Skill for Claude Code / OpenClaw, with 1030 downloads so far.

How do I install lnd macaroon bakery?

Run "/install lnd-macaroon-bakery" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is lnd macaroon bakery free?

Yes, lnd macaroon bakery is completely free (open-source). You can download, install and use it at no cost.

Which platforms does lnd macaroon bakery support?

lnd macaroon bakery is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created lnd macaroon bakery?

It is built and maintained by Roasbeef (@roasbeef); the current version is v1.0.0.

More Skills

lnd macaroon bakery