pull down to refresh

VLS normally asks the user to approve transactions, so it will refuse to sign if the user didn't initiate the action. And since the device running VLS holds the LN keys, the node will not be able to independently sign the transactions (unlike a blind signer which would be open to the exploit you describe)
Thank you for answer! Follow up about scaling, afaik in a typical ln node quite a lot going on, that require sig ops - htlc, commitments, etc. Is user input required for all of this?
reply
The devs building VLS into their Lightning apps will be able to configure which actions do/don’t require user input.
They may also provide optional velocity controls which will allow routine payments to known destinations up to a limit (per hour/day/week/etc) defined by the user
reply