Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Api Consumption Optimizer

v1.0.0

Dynamically adjusts API call frequency based on remaining quota and time to maximize usage without exceeding limits.

by GarfieldQin @qinthqod
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's stated goal (dynamically adjusting API call frequency) is consistent with the provided logic and examples. However, the runtime code depends on a local MiniMax status CLI at a hardcoded user path (/home/garfield/.local/bin/minimax-status-clean), while the registry metadata and SKILL.md declare no required binaries or config. This dependency should have been declared.
! Instruction Scope
SKILL.md describes obtaining MiniMax status but does not document the local CLI call. The Python code uses subprocess.run to execute a binary at a fixed filesystem location; that effectively gives the skill permission to run arbitrary local code (whatever that binary does). The instructions also include endless loops that call do_api_call/do_game_ai_call without safeguards; the runtime could cause high-frequency actions if misconfigured.
Install Mechanism
There is no install spec (instruction-only), so nothing will be automatically downloaded or written during install. That lowers supply-chain risk, but means the code expects existing local tooling which isn't documented.
! Credentials
The skill declares no required environment variables or credentials, which is reasonable. But the code relies on a user-specific filesystem path for an external CLI and implicitly expects access to run it — this implicit requirement (and the ability to execute it) is not reflected in the declared environment/dependencies and expands the effective privileges without notification.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous-invocation defaults. It does not request to modify other skills or system-wide settings. No elevated persistence is requested.
What to consider before installing
Before installing, be aware this skill executes a hardcoded local binary (/home/garfield/.local/bin/minimax-status-clean) to obtain usage info. That binary will run with the agent's user privileges and could perform any local action — the skill does not declare this dependency or provide a configurable path. If you need this functionality: (1) review the target binary's source and behavior or replace it with a trusted, documented status endpoint; (2) request/modify the skill to accept a configurable path or API call instead of a hardcoded /home/... path; (3) run the skill in a restricted/sandboxed environment first; (4) add explicit checks and rate limits to avoid runaway loops. If you cannot verify the local CLI, do not install or run this skill on sensitive systems.
