ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claude API Cost Optimizer

Minimize Anthropic Claude API costs through model selection, prompt caching, batching, and cost tracking. Trigger phrases: reduce API costs, optimize Claude...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 36 · 0 current installs · 0 all-time installs
byDeonte Cooper@djc00p
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (optimizing Anthropic/Claude API usage) reasonably requires an Anthropic API key, model routing, and local caching. However, the registry metadata at the top lists no required environment variables or primary credential, while the included SKILL.md metadata and examples explicitly reference ANTHROPIC_API_KEY and use the anthropic client. This declaration mismatch is incoherent and may hide required credentials or runtime expectations.
Instruction Scope
The SKILL.md and referenced documents give concrete runtime instructions: choose models, call the Anthropic client, use prompt caching, and create local cache/log files (e.g., ~/.claude_cache/, costs.log, batch_results.jsonl). The instructions do not direct data to unknown external endpoints beyond Anthropic but do instruct writing potentially sensitive content (source code, prompts) to local disk. They warn not to cache secrets but provide no automated filtering — so accidental caching of secrets/PII is a realistic risk.
Install Mechanism
No install spec or bundled binaries are present — this is instruction-only, so nothing is downloaded or executed at install time. That reduces supply-chain risk. All runtime behavior is via the user's environment and the Anthropic SDK.
!
Credentials
Requesting an Anthropic API key is proportionate for a Claude cost-optimizer. The problem is the registry metadata (Requirements section) claims 'Required env vars: none' while SKILL.md metadata and code examples need ANTHROPIC_API_KEY. This inconsistency could confuse users and lead to silent failures or accidental exposure if credentials are provided without clear declaration. No unrelated credentials are requested.
Persistence & Privilege
The skill does not request elevated agent privileges and is not always-enabled. It does instruct creating persistent files in the user's home directory (~/.claude_cache, costs.log, batch_results.jsonl). Persisting prompts, source code, and API responses locally can leak sensitive data if permissions or exclusion rules are not correctly configured; the docs recommend chmod 600 and .gitignore, which users must enforce themselves.
What to consider before installing
This skill appears to implement reasonable Claude cost-saving techniques, but there are a few red flags you should address before using it: - Verify required credentials: SKILL.md expects an ANTHROPIC_API_KEY, but the registry metadata claims 'no required env vars'. Do not rely on the registry's Requirements section — plan to provide an Anthropic API key and confirm how the agent will read it (env var, secret store). - Use a scoped or limited API key for testing: create a test key or billing-limited key and set low usage limits while you validate behavior. - Watch local caches and logs: the skill writes ~/.claude_cache and logs that may contain source code or prompts. Add those paths to your .gitignore, set strict filesystem permissions (e.g., chmod 600), and avoid caching secrets or PII. Consider using an encrypted cache or in-memory ephemeral cache if needed. - Audit the homepage/source: the skill's homepage is external (clawhub.com link). Inspect that site and any linked implementation before deploying in production. - Monitor billing and usage: because the skill actively changes model selection and batching, enable billing alerts and test with small token volumes first. - Confirm pricing and behaviors with official Anthropic docs: the SKILL.md includes specific pricing and cache math — verify these against Anthropic's current documentation. If you plan to install, test in a sandbox with a limited API key, small budgets, and explicit checks that no secrets are being cached or logged.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk971mk7nze83vhfyerkgsn291n83tbmf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💰 Clawdis
OSLinux · macOS · Windows
Environment variables
ANTHROPIC_API_KEYrequired

SKILL.md

Claude API Cost Optimizer

Cut Claude API costs by 70–90% using intelligent model selection, caching, and batching.

Quick Start

  1. Audit your current API calls — identify which tasks use Opus or Sonnet that could use Haiku. Model selection alone saves 10–18x on simple tasks.
  2. Pick the cheapest model tier for each task: Haiku (cheapest) → Sonnet (mid) → Opus (most expensive, use sparingly). See references/pricing.md for current rates.
  3. Enable prompt caching for repeated context (system prompts, codebases) by adding "cache_control": {"type": "ephemeral"} to message blocks
  4. Implement cost reporting — track input_tokens, output_tokens, and cache metrics from API responses

Key Concepts

  • Model selection — Haiku for simple tasks (formatting, comments) — cheapest tier. Sonnet for medium (refactoring, debugging) — mid tier. Opus for complex only (architecture, security) — most expensive, use sparingly. See references/pricing.md for current rates.
  • Prompt caching — Cache large static content (system prompts, codebase context). Cache reads cost 90% less; writes pay off after 1–2 reuses.
  • Batching — Combine multiple requests into one API call to eliminate per-request overhead. 80% fewer calls ≈ 80% lower cost.
  • Local caching — Cache identical responses locally to skip redundant API calls entirely.
  • Context extraction — Send only relevant snippets, not whole files. Smaller inputs = lower costs.
  • max_tokens discipline — Set realistic limits; unused token budget is wasted money.

Common Usage

Code examples are in Python but concepts apply to any language or SDK.

Model selection pattern:

def select_model(task_type: str) -> str:
    simple_tasks = ["formatting", "comments", "explanation", "rename"]
    complex_tasks = ["architecture", "algorithm", "security_audit"]
    return ("claude-haiku-4-5-20251001" if task_type in simple_tasks else
            "claude-opus-4-6" if task_type in complex_tasks else
            "claude-sonnet-4-6")

Prompt caching:

response = client.messages.create(
    model="claude-sonnet-4-6",
    max_tokens=1024,
    system=[{
        "type": "text",
        "text": system_prompt,
        "cache_control": {"type": "ephemeral"}
    }],
    messages=[{
        "role": "user",
        "content": [
            {"type": "text", "text": f"Code:\n{source_code}", 
             "cache_control": {"type": "ephemeral"}},
            {"type": "text", "text": query}
        ]
    }]
)

Cost tracking:

usage = response.usage
cost = (usage.input_tokens * INPUT_RATE +
        usage.cache_creation_input_tokens * CACHE_WRITE_RATE +
        usage.cache_read_input_tokens * CACHE_READ_RATE +
        usage.output_tokens * OUTPUT_RATE)

References

  • references/implementation.md — Full implementation patterns, model routing, caching setup, batching, retry logic, and anti-patterns
  • references/pricing.md — Current pricing, cache cost math, savings calculations, and batch API details

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…