v1.0.0

Api限制管理 (API Limit Management) Agent Rate Limiter 1.3.1

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

Guidance: This skill looks reasonable if you want your agent to self-throttle to avoid rate limits. Before installing, review the system-prompt, heartbeat, and cron snippets, because they can cause the agent to skip or delay work when usage is high, and verify the publisher and version because of minor metadata inconsistencies. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
Before expensive operations: `python3 scripts/rate-limiter.py gate` ... Exit 2 → stop all non-essential work

The skill tells the agent to change its priorities and stop non-essential work based on the rate-limit tier. That is disclosed and central to the stated purpose, but users should understand it can override normal task flow.

User impact: The agent may defer or skip work when the rate limiter reports a high-usage state.
Recommendation: Install only if you want the agent to obey these throttling rules, and keep a clear manual override or reset path.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
python3 scripts/rate-limiter.py <command> [args] ... pause [minutes] ... resume ... set-limit <n> ... reset

The skill exposes local commands that modify rate-limit state and influence whether work proceeds. These commands are purpose-aligned, but they affect automation flow.

User impact: Incorrect use of, or automation around, these commands could pause work longer than intended or reset tracking state.
Recommendation: Use the documented commands in a controlled agent loop and review any cron/heartbeat integration before enabling it.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: Medium | Status: Note
metadata
Source: unknown ... Version: 1.0.0

The registry metadata does not fully match the packaged _meta.json, which lists version 1.3.1 and a different ownerId. This is a provenance/packaging note, not evidence of malicious behavior.

User impact: Users have less assurance that the registry record and the packaged metadata refer to the same release identity.
Recommendation: Confirm the publisher and version on ClawHub before installing, especially if you rely on this skill in shared automation.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Set a timer/cron to run `python3 scripts/rate-limiter.py resume` at the pausedUntil time

The skill recommends scheduled resume behavior. This is disclosed and tied to rate-limit recovery, but it is persistent automation outside a single immediate command.

User impact: A timer or cron integration may continue affecting agent behavior after the initial task.
Recommendation: Only add the cron/timer integration if you want ongoing rate-limit management, and document how to disable it.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
rate-limit-state.json
"requests": [ { "ts": 1774708743717, "tokens": 5000 }, { "ts": 1774710099379, "tokens": 1000 } ]

The skill persists usage history that the agent later trusts for throttling decisions. It does not show stored message content or credentials, but the state can influence future behavior.

User impact: If the state file is stale or altered, the agent could become too conservative or not conservative enough.
Recommendation: Keep the state file local, use a dedicated path, and run the documented reset command if throttling behavior looks wrong.
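The Agent Goal Hijack and Memory and Context Poisoning findings share one hardening step: treat rate-limit-state.json as untrusted input and validate it before deriving a throttling decision from it. The block below is an added example written for this review; it is not code from the skill, from scripts/rate-limiter.py, or from ClawScan. It assumes the file shape shown in the excerpt ({"requests": [{"ts": <ms>, "tokens": <n>}]}). The one-hour window, the token budget, the 80% warning tier, the override flag and the 0/1/2 exit codes are assumptions for illustration; the page only states that exit 2 means stop all non-essential work.

```python
"""Validate a persisted rate-limit state file before trusting it for throttling.

Added example for this review, not the skill's own code. Field names follow the
excerpt on the page; window, budget, tiers, override and exit codes are assumed.
"""
import json

WINDOW_MS = 60 * 60 * 1000          # assumption: one-hour sliding window
LIMIT_TOKENS = 10_000               # assumption: token budget per window
MAX_TOKENS_PER_REQUEST = 1_000_000  # assumption: anything larger is treated as corrupt
CLOCK_SKEW_MS = 5_000               # assumption: tolerate small clock drift

# Assumed exit codes; the page only documents that exit 2 means "stop non-essential work".
EXIT_OK, EXIT_SLOW, EXIT_STOP = 0, 1, 2


def _is_int(v) -> bool:
    """True for real integers only (bool is an int subclass and is rejected)."""
    return isinstance(v, int) and not isinstance(v, bool)


def load_state(raw: str, now_ms: int) -> tuple[list[dict], list[str]]:
    """Parse and sanitize the state file; return (valid_requests, warnings).

    Every record is untrusted: wrong types, negative or implausible token counts,
    timestamps in the future and malformed entries are dropped with a warning,
    and entries older than the window are silently expired.
    """
    warnings: list[str] = []
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [], [f"state file is not valid JSON: {exc}"]
    if not isinstance(doc, dict) or not isinstance(doc.get("requests"), list):
        return [], ["state file lacks a 'requests' list; starting from empty state"]

    kept: list[dict] = []
    for i, rec in enumerate(doc["requests"]):
        if not isinstance(rec, dict):
            warnings.append(f"requests[{i}]: not an object")
            continue
        ts, tok = rec.get("ts"), rec.get("tokens")
        if not _is_int(ts) or not _is_int(tok):
            warnings.append(f"requests[{i}]: ts and tokens must be integers")
            continue
        if tok < 0 or tok > MAX_TOKENS_PER_REQUEST:
            warnings.append(f"requests[{i}]: implausible token count {tok}")
            continue
        if ts > now_ms + CLOCK_SKEW_MS:
            warnings.append(f"requests[{i}]: timestamp in the future")
            continue
        if ts < now_ms - WINDOW_MS:
            continue  # stale entry outside the window: expire silently
        kept.append({"ts": ts, "tokens": tok})
    return kept, warnings


def tokens_in_window(requests: list[dict]) -> int:
    return sum(r["tokens"] for r in requests)


def gate(requests: list[dict], override: bool = False) -> int:
    """Map validated usage to an exit code; override is the manual escape hatch."""
    if override:
        return EXIT_OK
    used = tokens_in_window(requests)
    if used >= LIMIT_TOKENS:
        return EXIT_STOP
    if used >= LIMIT_TOKENS * 0.8:
        return EXIT_SLOW
    return EXIT_OK


# Constructed sample: the two records from the page's excerpt plus poisoned entries
# (negative tokens, far-future timestamp, string tokens, stale entry, non-object).
SAMPLE_NOW_MS = 1774710100000
SAMPLE_STATE = """{"requests": [
  {"ts": 1774708743717, "tokens": 5000},
  {"ts": 1774710099379, "tokens": 1000},
  {"ts": 1774710099380, "tokens": -999999},
  {"ts": 1874710099380, "tokens": 500},
  {"ts": 1774710099381, "tokens": "5000"},
  {"ts": 1770000000000, "tokens": 4000},
  "not-an-object"
]}"""

if __name__ == "__main__":
    valid, warns = load_state(SAMPLE_STATE, SAMPLE_NOW_MS)
    for w in warns:
        print("warning:", w)
    print("tokens in window:", tokens_in_window(valid), "-> exit", gate(valid))
```

Only the two well-formed records survive validation, so the decision is made on 6000 tokens rather than on whatever an attacker or a stale run left in the file; a tampered file that would have pushed the agent into permanent "stop" (or hidden real usage) is reduced to warnings the operator can see.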