Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
llm-key-pool
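v1.0.0
Multi-platform API key tiered rotation with intelligent failover; use when the user needs to bypass the rate limits of a single API key, achieve highly available LLM calls, or manage a multi-vendor API key pool.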
by River@chatgpt34993
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description and code (key_pool, llm_client, config_loader) are consistent with a multi-tier API-key rotation/failover tool. However the README/SKILL.md claim broad support for many providers and some provider-specific quirks (e.g., Google requiring URL-parameter keys) while the visible client code only special-cases Anthropic and otherwise uses a generic OpenAI-compatible Authorization header. That suggests the implementation may not actually support all the provider-specific authentication/formatting notes in the docs. Also the repository includes unrelated example files (binary_tree) which are not needed for the stated purpose.
Instruction Scope
Runtime instructions ask the user to create an llm_config.yaml and run the client; that's appropriate. But there are inconsistencies: README/SKILL.md instruct to copy assets/llm_config.yaml.example which is not present in the manifest (there is assets/llm_config.quickstart.yaml instead). The declared entrypoint in skill.yaml is scripts/run.sh which calls the CLI name 'llm-key-pool' (installed via pip), yet SKILL.md also shows running python -m llm_key_pool.llm_client — the two entry methods assume different installation steps. These mismatches could cause runtime confusion. The instructions do not request unrelated system files or environment variables — they expect the user to place API keys in a YAML file.
Install Mechanism
There is no remote download or install hook in the skill registry metadata (instruction-only), which minimizes supply-chain risk. The package includes Python code and a pyproject/requirements, meaning realistic usage generally requires pip install (or running with python -m). The skill.yaml entrypoint references scripts/run.sh and a CLI 'llm-key-pool' script (defined in pyproject), so some install step is expected but not described consistently in SKILL.md — minor coherence issue but not an obvious security hazard.
Credentials
The skill does not request platform environment variables or credentials from the runtime environment; instead it expects API keys provided by the user in a local YAML config (llm_config.yaml). That is proportionate to the declared purpose. Note: storing many provider keys in one local file is sensitive; the project .gitignore excludes llm_config.yaml which is appropriate but users must still avoid committing it or sharing it.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges and does not modify other skills' configs. It runs as a normal Python package/script and will only act when invoked (or if the platform installs it as a skill and triggers it).
What to consider before installing
This package appears to implement an API-key rotation and failover client and will behave as expected for that purpose, but before installing or providing real keys you should:
- Verify provider support: inspect llm_key_pool/llm_client.py to confirm it implements any provider-specific authentication your providers require (the code only special-cases Anthropic; Google/other providers mentioned in docs may need different handling).
- Fix documentation/file mismatches: SKILL.md/README refer to assets/llm_config.yaml.example which isn't in the package (there's assets/llm_config.quickstart.yaml). Ensure you have the correct template before populating it with real keys.
- Installation method: decide whether to pip install the package (so the 'llm-key-pool' CLI exists) or run with python -m llm_key_pool.llm_client; the bundled run.sh assumes the CLI name.
- Protect keys: do not commit llm_config.yaml to VCS; use non-critical/test keys first to validate behavior.
- Terms-of-service risk: the tool is explicitly designed to rotate keys to work around single-key rate limits; using it to circumvent provider rate limits or quotas may violate provider terms — consider the legal/ethical implications.
If you want higher confidence, request the missing/omitted code sections for a thorough line-by-line review (to confirm there are no hidden network endpoints, telemetry, or exfiltration paths) and run the client with test keys in a controlled environment first.
Like a lobster shell, security has layers — review code before you run it.
