ClawHub

Ratelimiter

v1.0.0

In-memory sliding window rate limiter for AI agents. Create rate limits per API key, check quota before calling, consume requests, reset, and list all limits...

0· 83·0 current·0 all-time
by@mirni

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mirni/gh-ratelimiter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Ratelimiter" (mirni/gh-ratelimiter) from ClawHub.
Skill page: https://clawhub.ai/mirni/gh-ratelimiter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gh-ratelimiter

ClawHub CLI

Package manager switcher

npx clawhub@latest install gh-ratelimiter
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the included code and SKILL.md. The FastAPI app implements the described endpoints (create/check/consume/reset/list/delete) and the files implement an in-memory sliding-window limiter. Required binaries and packages (python, fastapi, uvicorn, pydantic) are appropriate for the stated purpose.
Instruction Scope
SKILL.md's runtime instructions are narrowly scoped: start uvicorn on port 8012 and use the documented HTTP endpoints. It does not instruct the agent to read unrelated files or environment variables. However, the HTTP API is unauthenticated by default (no auth/ACLs) and will accept create/update/delete calls from any client that can reach the port — this is expected functionally but is a security consideration the user should be aware of.
Install Mechanism
The install lists pip packages (fastapi, uvicorn, pydantic), which is proportionate. There is no download from arbitrary URLs or archive extraction. One minor oddity: the install 'kind' is shown as "uv" in the metadata (nonstandard identifier); confirm the platform's installer will run pip in a trusted way. Overall low-to-moderate install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not access secrets or external services. This credential footprint is minimal and appropriate for an in-memory rate limiter.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or persistent system configuration. It runs an in-memory server that listens on a network port; because it is unauthenticated, running it on a machine accessible to untrusted networks could expose the API. Consider restricting binding to localhost, firewalling the port, or adding auth.
Assessment
This skill appears to be what it claims: a simple in-memory FastAPI rate limiter. Before installing, consider: (1) run it in an isolated environment (virtualenv or container) to limit package scope; (2) ensure the installer will use PyPI/pip (verify the platform's 'uv' install kind resolves to pip); (3) do not bind the server to a public interface — use --host 127.0.0.1 or put it behind an authenticated proxy/firewall, because the API is unauthenticated and can create/delete limits; (4) if you intend to share this across processes, add authentication or network controls to avoid unauthorized manipulation of limits. If you want a review of adding authentication or deployment-hardening (example uvicorn flags, OAuth/Basic auth, or reverse-proxy config), provide how you plan to run it and I can suggest concrete changes.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

⏱️ Clawdis
Binspython

Install

uv
latestvk9780k0j2t2nzj4hh8acmz9vvn84scj2
83downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@mirni
latest
Download

RateLimiter

Track and enforce rate limits so your agent doesn't get throttled.

Start the server

uvicorn ratelimiter.app:app --port 8012

Create a rate limit

curl -s -X POST http://localhost:8012/v1/limits \
  -H "Content-Type: application/json" \
  -d '{"key": "openai-api", "max_requests": 60, "window_seconds": 60}' | jq

Check before calling

curl -s http://localhost:8012/v1/check/openai-api | jq '.allowed'

Consume after calling

curl -s -X POST http://localhost:8012/v1/consume/openai-api | jq

Returns allowed (true/false), remaining, and retry_after_seconds (how long to wait if exhausted).

List all limits

curl -s http://localhost:8012/v1/limits | jq

Reset quota

curl -s -X POST http://localhost:8012/v1/reset/openai-api | jq

Delete a limit

curl -s -X DELETE http://localhost:8012/v1/limits/openai-api | jq

Endpoints

MethodPathDescription
POST/v1/limitsCreate/update a rate limit
GET/v1/limitsList all rate limits
GET/v1/check/{key}Check if next request is allowed
POST/v1/consume/{key}Use one request from quota
POST/v1/reset/{key}Reset quota to full
DELETE/v1/limits/{key}Delete a rate limit

Comments

Loading comments...