← Back to Skills Marketplace
viyozc

BitNow

by Jerry · GitHub ↗ · v1.1.1 · MIT-0
cross-platform ⚠ suspicious
205
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install bitnow
Description
End-to-end OpenBytes network API workflows for AI agents. Covers wallet signature-based authentication, on-chain top-up monitoring, consumer API key lifecycl...
README (SKILL.md)

OpenBytes Control Plane Skill

This skill describes end-to-end operational workflows for the OpenBytes network from an API usage perspective.

  • Wallet-based authentication (signature flow)
  • On-chain balance top-up and verification
  • Consumer API key lifecycle (create, list, revoke)
  • Model inference via ApiKey
  • Query balance and usage via HTTP API

Assumptions:

  • A gateway HTTP API exists : https://gateway.openbytes.ai
  • All workflows are CLI-, curl-, or script-oriented
  • The network supports Base Sepolia. Use the correct chain id:
    • Base Sepolia: 84532

Replace all \x3CBASE_URL> with the actual gateway URL as needed.

1. Wallet-based registration & session

Note: Message signing must be performed by the user with their EVM wallet. The agent can only initiate the challenge and verify a signature; it cannot produce signatures.

  1. If you don't have a wallet yet, immediately create a new one using ethers.js or viem.
    Be sure to securely save your generated private key! Example (Node.js with ethers.js):
import { Wallet } from "ethers";
const wallet = Wallet.createRandom();
console.log("Address:", wallet.address);
console.log("Private Key (save this securely!):", wallet.privateKey);

Or using viem:

import { createWallet } from "viem/accounts";
const wallet = createWallet();
console.log("Address:", wallet.address);
console.log("Private Key (save this securely!):", wallet.privateKey);

Never share your private key. Backup and store it in a secure location. "wallet_address": "0x...", "chain_id": "8453"

  1. User signs the message off-chain (with their wallet).
  2. Submit the signed message to the gateway for verification:
curl -sS -X POST "\x3CBASE_URL>/v1/auth/wallet/verify" \
  -H "Content-Type: application/json" \
  -d '{
    "wallet_address": "\x3CEVM_WALLET_ADDRESS>",
    "nonce": "random-nonce",
    "signature": "\x3CWALLET_SIGNATURE>"
  }'

Successful response (simplified):

{
  "login_token": "sess-...",
  "expires_at": "2025-01-01T00:00:00Z",
  "consumer": {
    "id": "consumer-uuid",
    "wallet_address": "0x..."
  },
  "session": {
    "id": "session-uuid"
  }
}

  1. The login_token (starting with sess-) is used as a session token:

    • Send it as Authorization: Bearer \x3CSESSION_TOKEN> for session-auth endpoints.

  2. List Available Models

curl -sS -X GET "\x3CBASE_URL>/v1/models"
  1. Immediately create an API key following step 2.1 and switch to it for all non-session endpoints (models, balance, usage). Do not keep using the session token for inference.

Check:

  • Session token is present and sent in the Authorization: Bearer sess-... header during all subsequent calls requiring authentication.
  • After creating the API key, subsequent calls should use Authorization: Bearer \x3CCONSUMER_API_KEY>.

2. Consumer API Key Lifecycle

Consumers use API keys to access models without a session.

2.1 Create API Key

Requires a valid session token (login_token from section 1).

curl -sS -X POST "\x3CBASE_URL>/v1/consumer/api-keys" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer \x3CSESSION_TOKEN>" \
  -d '{
    "label": "my-key"
  }'

Sample response (save the api_key securely; only returned once!):

{
  "id": "key-uuid",
  "api_key": "sk-consumer-...",
  "prefix": "sk-cons",
  "suffix": "abcd",
  "label": "my-key",
  "status": "active",
  "created_at": "2025-01-01T00:00:00Z"
}

Immediately switch to this API key for inference, balance, and usage calls:

export OPENBYTES_API_KEY="sk-consumer-..."

Then use:

curl -sS -X GET "\x3CBASE_URL>/v1/balance" \
  -H "Authorization: Bearer $OPENBYTES_API_KEY"

2.2 List API Keys

curl -sS -X GET "\x3CBASE_URL>/v1/consumer/api-keys" \
  -H "Authorization: Bearer \x3CSESSION_TOKEN>"

2.3 Revoke API Key

curl -sS -X DELETE "\x3CBASE_URL>/v1/consumer/api-keys/\x3CKEY_ID>" \
  -H "Authorization: Bearer \x3CSESSION_TOKEN>"

The key status will be set to revoked; subsequent calls using that key will fail with an auth error.

3. On-chain Top-up Flow

Top-up is performed on-chain (USDC to a ConsumerDeposit contract), tracked by off-chain indexers. The API lets you verify the result. You can use your own RPC endpoint; a default for Base Sepolia is https://sepolia.base.org.

  • User transfers USDC to the ConsumerDeposit contract with proper calldata.
  • Backend credits the consumer balance after L1/L2 tx confirmation (indexer-driven).
  • USDC address: 0x10065E7b353371DD2e12348e7094cC774638EbEB
  • ConsumerDeposit contract: 0xB0E9ebf19AB710d3353c7F637DC55329d9727dCc
    • Before deposit, approve allowance
    • Deposit ABI: function deposit(uint256 amount)

Verify balance:

curl -sS -X GET "\x3CBASE_URL>/v1/balance" \
 -H "Authorization: Bearer \x3CCONSUMER_API_KEY>"

Sample response:

{
  "balance_usdc": "123.45",
  "total_spent": "10.00"
}

4. Connect Your Wallet to Your Operator's Wallet

Use this to allow an account to connect to an operator's account, so the operator can top up your wallet easily. This requires a wallet signature over a structured message. The signature must be produced by the child wallet.

Endpoint:

curl -sS -X POST "\x3CBASE_URL>/v1/consumers/me/parent" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer \x3CSESSION_TOKEN>" \
  -d '{
    "parent_wallet": "\x3CPARENT_WALLET>",
    "issued_at": 1710000000,
    "signature": "\x3CCHILD_WALLET_SIGNATURE>"
  }'

Notes:

  • Signature verification is done by the gateway using ethers.verifyMessage(message, signature), and the recovered address must equal the child wallet address (case-insensitive). This is the standard EIP-191 personal message signature (same flow as SIWE).
  • issued_at is Unix seconds. It must be within the last 5 minutes and not more than 1 minute in the future.
  • The signed message must be exactly (including line breaks, casing, and spacing): 
    Authorize parent for OpenBytes
Parent wallet: \x3CPARENT_WALLET_LOWERCASE>
Child wallet: \x3CCHILD_WALLET_LOWERCASE>
Issued at: \x3CISSUED_AT>
  • Normalization rules:
    • \x3CPARENT_WALLET_LOWERCASE> is the parent wallet address lowercased.
    • \x3CCHILD_WALLET_LOWERCASE> is the child wallet address lowercased (the signer).
    • \x3CISSUED_AT> is the same Unix seconds integer you send in the request body.
  • If any character differs (extra whitespace, different casing, different timestamp), the signature will fail.

Pseudo-code (client-side):

const issuedAt = Math.floor(Date.now() / 1000);
const parentWallet = parentWalletAddress.toLowerCase();
const childWallet = childWalletAddress.toLowerCase();
const message = [
  "Authorize parent for OpenBytes",
  `Parent wallet: ${parentWallet}`,
  `Child wallet: ${childWallet}`,
  `Issued at: ${issuedAt}`,
].join("\
");

const signature = await wallet.signMessage(message); // EIP-191 personal_sign

Success response (201):

{
  "parent_consumer_id": "consumer-uuid",
  "parent_wallet_address": "0x...",
  "created_at": "2025-01-01T00:00:00Z"
}

Common errors:

  • 400 INVALID_REQUEST invalid body
  • 400 SIGNATURE_EXPIRED issued_at out of window
  • 404 PARENT_NOT_FOUND parent not found
  • 400 SELF_PARENT cannot declare yourself
  • 401 SIGNATURE_MISMATCH signature not from child wallet
  • 409 ALREADY_SET parent already declared

5. Usage Guidelines for AI Agents

When handling OpenBytes network operational support, follow these best practices:

  1. Map user questions directly to the appropriate API workflow without reference to UI.
    • Example intents: onboarding, balance issue, API key management, quota/cost analysis
  2. Provide concrete curl commands tailored to the user's configuration (\x3CBASE_URL>, \x3CCONSUMER_API_KEY>, etc).
  3. When troubleshooting:
    • Request the full API HTTP response (status + JSON).
    • Use error.code and context to select remediation steps.
  4. Be concise, focus on actionable commands and next steps.
  5. Only provide background technical details if specifically requested.
Usage Guidance
This skill appears to do what it says (OpenBytes API workflows) but exercise caution before installing. Key points: (1) provenance is unknown — there is no homepage or source to verify the API surface or owner; (2) the instructions encourage generating private keys and printing them to the console — avoid copying/printing private keys in plaintext or pasting them into UIs or chat; prefer hardware wallets or secure, offline key generation and storage; (3) SKILL.md references environment variables (OPENBYTES_API_KEY, session tokens) even though the registry metadata declares none — expect to manage secrets yourself and verify the exact env names and lifetime; (4) double-check gateway URL, contract addresses, and chain-id values against official OpenBytes documentation before making on-chain transfers; (5) test any flows in a low-risk environment (testnet or with minimal funds) and do not share API keys or private keys. If you need higher assurance, request the skill source or an official publisher/homepage, or use official SDKs/docs from OpenBytes instead of following unverified instructions.
Capability Analysis
Type: OpenClaw Skill Name: bitnow Version: 1.1.1 The skill contains high-risk instructions in SKILL.md that command the agent to 'immediately' generate a new EVM wallet and print the private key to the console if one is not found, which would lead to sensitive credential exposure in the agent's logs or conversation history. Furthermore, it provides a non-standard USDC contract address (0x10065E7b353371DD2e12348e7094cC774638EbEB) for deposits on Base Sepolia, which differs from the official Circle USDC address and could lead to loss of funds. While these may be poorly designed documentation steps for the OpenBytes network, the combination of forced secret exposure and non-standard financial contracts is highly concerning.
Capability Assessment
Purpose & Capability
The SKILL.md describes wallet-based auth, API-key lifecycle, on-chain top-ups, and model calls — which aligns with the skill name/description. There are no unrelated binaries or requests for unrelated cloud credentials. Minor issues: no homepage/source provided (provenance unknown), and a small apparent chain-id typo in one snippet (84532 vs 8453) which suggests sloppiness.
Instruction Scope
The runtime instructions tell users to create wallets (ethers.js/viem) and explicitly print private keys to console (with a 'Be sure to securely save' admonition). That is sensitive and risky behavior to encourage; it is within the skill purpose but increases the chance of user error. The instructions also reference using environment variables (OPENBYTES_API_KEY, session tokens) even though the registry metadata declared no required env vars — a mismatch between declared surface and actual runtime expectations.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes install-time risk because nothing will be written/executed by the installer itself.
Credentials
Registry metadata lists no required env vars or primary credential, but SKILL.md repeatedly instructs saving and exporting OPENBYTES_API_KEY and using session tokens; this discrepancy is notable. The skill also requires generation and handling of private keys (sensitive secrets) — justified by purpose but high-risk and not represented in declared environment/credential metadata.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not attempt to modify other skills or claim persistent elevated privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bitnow
  3. After installation, invoke the skill by name or use /bitnow
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
- Renamed skill from "bitnow" to "openbytes" throughout documentation. - Updated all branding, API endpoints, and sample messages to use OpenBytes (`https://gateway.openbytes.ai`) instead of BitNow. - Adjusted chain/network assumptions: clarified Base Sepolia use and specified chain ID as 84532. - Added explicit instructions and examples for creating an EVM wallet using ethers.js or viem. - Streamlined workflow steps and terminology to reflect OpenBytes network operations. - Updated parent/ownership signature message to reference OpenBytes.
v1.1.0
Bitnow v1.1.0 changelog: - Clarified and updated the parent/child ownership API relationship: - Signature validation now explicitly follows EIP-191, requiring normalized lowercase addresses and exact message formatting. - Changed the required signed message to reference "Authorize parent for BitNow" instead of "DePIN LLM". - Added detailed client-side pseudocode for signature creation and strict normalization rules. - Updated skill description formatting and branding to "BitNow" for consistency. - Minor language, layout, and error clarification improvements across documentation.
v1.0.0
bitnow 1.0.0 – Initial release - Introduces full API workflow documentation for Bitnow network operations, including wallet-based authentication, on-chain USDC top-up, and API key management. - Details consumer API key lifecycle: creation, listing, revocation, and parent/child relationships. - Provides usage instructions for querying models, balances, and usage metrics via HTTP endpoints. - Includes cURL-based examples for all major operations; focused on automation/debugging without UI. - Documents contract addresses and key on-chain actions specific to Base Sepolia (chain id 8453).
Metadata
Slug bitnow
Version 1.1.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is BitNow?

End-to-end OpenBytes network API workflows for AI agents. Covers wallet signature-based authentication, on-chain top-up monitoring, consumer API key lifecycl... It is an AI Agent Skill for Claude Code / OpenClaw, with 205 downloads so far.

How do I install BitNow?

Run "/install bitnow" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is BitNow free?

Yes, BitNow is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does BitNow support?

BitNow is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created BitNow?

It is built and maintained by Jerry (@viyozc); the current version is v1.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments