Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
API配额监控与手动切换
v1.0.1实时监控OpenClaw模型API配额,配额不足时询问用户确认后再切换模型,支持多模型优先级和手动指定切换。
⭐ 0· 504·4 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to monitor OpenClaw API usage and switch models; the code reads OpenClaw config (openclaw.json) and recent session logs (sessions.json), updates the model in the config, and restarts the gateway. These requirements (file access and ability to restart the gateway) are coherent and necessary for the stated functionality.
Instruction Scope
SKILL.md and the script limit actions to checking session data, reporting suggestions, writing the model field in openclaw.json, writing logs, and restarting the OpenClaw gateway. This stays within the described scope. Note: the script will read session files (which may contain session data) and writes to logs and config; those are privacy-relevant but expected for this purpose.
Install Mechanism
No install spec; the skill is instruction-only with an included Python script. Nothing is downloaded or installed automatically by the skill itself, so there is low install-time risk.
Credentials
The skill does not request external credentials or unrelated env vars. It optionally honors OPENCLAW_DIR and LOG_DIR environment variables. However, it requires filesystem write permission to the OpenClaw config and the ability to kill/start the OpenClaw gateway process, which are elevated actions and should only be granted if you trust the script and understand the operational impact.
Persistence & Privilege
always:false (not force-included). The skill modifies its product's own config file (openclaw.json) and restarts the gateway — this is consistent with its function. It does not attempt to modify other skills or system-wide agent settings beyond controlling OpenClaw. Autonomous invocation is permitted by default but not unusual; combine that with the config-modifying behavior only if you want agents to be able to act without manual confirmation.
Assessment
This skill appears to do what it says: check recent session errors and (after user confirmation) update ~/.openclaw/openclaw.json and restart the OpenClaw gateway. Before installing or running it, consider: 1) Review and backup your OpenClaw config (openclaw.json) so you can restore if something changes unexpectedly. 2) The script requires permission to write the config and to stop/start the gateway (it runs pkill and launches 'openclaw gateway start'); only run it as a user who should have that privilege. 3) Sessions files may contain sensitive session data — ensure you are comfortable the script will read those paths. 4) Test in a non-production environment first (use --check and --ask) and inspect the code (it's included) if you have concerns. 5) If you don't want automated restarts, avoid running --confirm automatically (cron should only run --check).Like a lobster shell, security has layers — review code before you run it.
apivk979m3y0dgrzc29117tc6aqcf581qj0elatestvk979m3y0dgrzc29117tc6aqcf581qj0emonitorvk979m3y0dgrzc29117tc6aqcf581qj0equotavk979m3y0dgrzc29117tc6aqcf581qj0e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.