Deploy Spark Bitcoin L2 Proxy
by echennells · GitHub · v1.0.0
678 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install sparkbtcbot-proxy-deploy
Description
Deploy a serverless Spark Bitcoin L2 proxy on Vercel with spending limits, auth, and Redis logging. Use when user wants to set up a new proxy, configure env...
Usage Guidance
This skill does what it says (deploys a wallet-backed proxy) but it requires handing over highly sensitive secrets — most importantly the wallet mnemonic and cloud/service tokens — and the registry metadata did not list those requirements. Before proceeding:
1) Do not paste your real mnemonic or long-term keys into anything you haven't audited; consider using a throwaway/test mnemonic with minimal funds for initial testing.
2) Review the GitHub repository and its package.json (npm deps) for unexpected code or network calls before running npm install.
3) Limit Upstash and Vercel credential scopes where possible, create least-privilege API keys, and rotate them after setup.
4) Use the proxy's scoped tokens (invoice/admin) and set conservative MAX_TRANSACTION_SATS and DAILY_BUDGET_SATS values.
5) Ask the publisher to fix the registry metadata to enumerate the required env vars and describe exactly what each secret is used for.
If you are uncomfortable storing a mnemonic in Vercel envs, consider self-hosting or alternative architectures (read-only endpoints, custodial services, or hardware-based signing).
Capability Analysis
Type: OpenClaw Skill
Name: sparkbtcbot-proxy-deploy
Version: 1.0.0
The skill instructs the AI agent to perform high-risk operations necessary for deploying a serverless proxy, including cloning and executing code from an external GitHub repository (`echennells/sparkbtcbot-proxy.git`), making network calls with user-provided credentials (Upstash API key, Vercel token), and handling sensitive data like a BIP39 mnemonic. While these actions are aligned with the stated purpose of deploying the proxy, the extensive use of shell commands with interpolated values (e.g., `curl` commands in SKILL.md) creates a significant shell injection vulnerability if the AI agent does not rigorously sanitize user inputs. There is no evidence of intentional malicious behavior such as data exfiltration or backdoor installation within the skill's instructions, but the inherent risks associated with these operations warrant a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The skill's name and description (deploy a Spark Bitcoin L2 proxy on Vercel with auth, spending limits, and Redis logging) align with the actions described in SKILL.md: cloning a GitHub repo, installing Node dependencies, creating an Upstash Redis instance, setting Vercel env vars, and deploying. However, the registry metadata states 'Required env vars: none' while the SKILL.md requires multiple environment variables (SPARK_MNEMONIC, UPSTASH_REDIS_REST_URL/TOKEN, API_AUTH_TOKEN, etc.). That metadata omission is inconsistent and should be corrected.
Instruction Scope
The runtime instructions direct the operator to handle and provision highly sensitive secrets: the wallet BIP39 mnemonic (controls funds), Upstash credentials, and Vercel tokens / project config. They also instruct cloning and npm installing a third-party GitHub repo (which will pull dependencies). Those actions are coherent with deploying this proxy, but they expand the trust surface significantly: the operator must review the repo and its dependencies because those components will run with access to the mnemonic and tokens. The SKILL.md also prescribes creating credentials via APIs (Upstash, Vercel) — reasonable for deployment but sensitive.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing will be written by the skill itself. The instructions tell the user to git clone https://github.com/echennells/sparkbtcbot-proxy.git and run npm install. That is normal for deploying a Node app, but it means you should audit the repository and its npm dependencies before running them because arbitrary code will be fetched and executed on your machine or deployment target.
Credentials
The SKILL.md requires multiple sensitive environment values (SPARK_MNEMONIC, UPSTASH_REDIS_REST_URL and REST_TOKEN, API_AUTH_TOKEN, Vercel token / project/team ids implicitly, plus spending caps). These are proportionate to running a wallet-backed proxy, but they are high-risk secrets. The registry metadata failing to declare these required env vars increases concern: the skill was published without listing the sensitive data it requires. Ensure each secret is strictly necessary and scoped appropriately (use least privilege, limited budgets, and rotate tokens).
Persistence & Privilege
The skill is not marked always:true, has no install script, and does not request persistent platform-level privileges. It does not modify other skills or system-wide agent settings. Deployment will create external resources (Upstash DB, Vercel deployment) but that is expected for this use case.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: `/install sparkbtcbot-proxy-deploy`
- After installation, invoke the skill by name or use `/sparkbtcbot-proxy-deploy`
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish — Vercel deployment guide with Upstash Redis, env vars, token management
Frequently Asked Questions
What is Deploy Spark Bitcoin L2 Proxy?
Deploy a serverless Spark Bitcoin L2 proxy on Vercel with spending limits, auth, and Redis logging. Use when user wants to set up a new proxy, configure env... It is an AI Agent Skill for Claude Code / OpenClaw, with 678 downloads so far.
How do I install Deploy Spark Bitcoin L2 Proxy?
Run "/install sparkbtcbot-proxy-deploy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Deploy Spark Bitcoin L2 Proxy free?
Yes, Deploy Spark Bitcoin L2 Proxy is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Deploy Spark Bitcoin L2 Proxy support?
Deploy Spark Bitcoin L2 Proxy is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Deploy Spark Bitcoin L2 Proxy?
It is built and maintained by echennells (@echennells); the current version is v1.0.0.