ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawd Throttle

Routes LLM requests to the cheapest capable model across 8 providers (Anthropic, Google, OpenAI, DeepSeek, xAI, Moonshot, Mistral, Ollama) and 25+ models. Scores prompts on 8 dimensions in under 1ms, supports three routing modes (eco, standard, gigachad), and logs all decisions for cost tracking.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1k · 3 current installs · 3 all-time installs
by@liekzejaws
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code, README, and data files implement an LLM-routing/proxy skill as described (classifier, routing table, providers, logging). Required binary 'node' is appropriate. However the registry metadata / SKILL.md lists ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY as required env vars while the runtime code only needs at least one provider configured (it will exit only if no provider is configured). This mismatch between declared required envs and actual code is inconsistent and could mislead users about what must be provided.
Instruction Scope
SKILL.md and setup scripts instruct the agent/user to run npm setup, enter API keys, and write config to ~/.config/clawd-throttle/. Instructions and code limit data stored to SHA-256 prompt hashes and local JSONL logs, which is consistent with the privacy statement. A pre-scan pattern flagged 'system-prompt-override' (the SKILL.md refers to system prompts), which is expected for a classifier that considers system prompts but should be treated with care: verify that prompts aren’t being sent to external endpoints beyond the configured providers. Overall instructions stay inside the advertised scope (classify, route, proxy, log), but the system-prompt text and the prompt-hashing claim should be validated by inspecting the hashing implementation before trusting privacy guarantees.
Install Mechanism
Install is standard Node/npm (npm install, no unusual downloads). package.json dependencies are normal and install scripts are local (scripts/setup.sh / .ps1). No extract-from-arbitrary-URL or IP-hosted installers were found in the provided files.
!
Credentials
The skill legitimately needs provider API keys to proxy requests. But the registry metadata declares both ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY as required while the code treats many keys as optional and requires only at least one configured provider. The setup scripts write API keys and other settings to a local config file (and read env vars at runtime) — storing keys to disk is functional but increases risk if the config file permissions or location are not secured. No unrelated secrets appear to be requested, but the metadata inconsistency is misleading.
!
Persistence & Privilege
The skill persists configuration and logs under ~/.config/clawd-throttle/ (config.json, routing.jsonl) — expected for this kind of tool. It also can start an HTTP proxy. Notably, the server is started with httpServer.listen(config.http.port) (no explicit host), which in Node defaults to listening on all interfaces; that can unintentionally expose the proxy (and the configured provider API keys / quota) to external network users if the host is reachable. always:false and normal autonomous invocation are fine, but you should ensure the HTTP proxy binds to localhost and protect the config/log files' filesystem permissions.
scan_findings_in_context

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.0
Download zip
latestvk974mn1hdz6etbpyz8y3qz20ad80yjn2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏎️ Clawdis
Binsnode
EnvANTHROPIC_API_KEY, GOOGLE_AI_API_KEY

Install

Setup Clawd Throttle (API keys + routing mode)

SKILL.md

Clawd Throttle

Route every LLM request to the cheapest model that can handle it. Stop paying Opus prices for "hello" and "summarize this."

Supports 8 providers and 25+ models: Anthropic (Claude), Google (Gemini), OpenAI (GPT / o-series), xAI (Grok), DeepSeek, Moonshot (Kimi), Mistral, and Ollama (local).

How It Works

  1. Your prompt arrives
  2. The classifier scores it on 8 dimensions (token count, code presence, reasoning markers, simplicity indicators, multi-step patterns, question count, system prompt complexity, conversation depth) in under 1 millisecond
  3. The router maps the resulting tier (simple / standard / complex) to a model based on your active mode and configured providers
  4. The request is proxied to the correct API
  5. The routing decision and cost are logged to a local JSONL file

Routing Modes

ModeSimpleStandardComplex
ecoGrok 4.1 FastGemini FlashHaiku
standardGrok 4.1 FastHaikuSonnet
gigachadHaikuSonnetOpus 4.6

Each cell shows the first-choice model. The router tries a preference list and falls through to the next available provider if the first is not configured.

Available Commands

CommandWhat It Does
route_requestSend a prompt and get a response from the cheapest capable model
classify_promptAnalyze prompt complexity without making an LLM call
get_routing_statsView cost savings and model distribution stats
get_configView current configuration (keys redacted)
set_modeChange routing mode at runtime
get_recent_routing_logInspect recent routing decisions

Overrides

  • Heartbeats and summaries always route to the cheapest model
  • Type /opus, /sonnet, /haiku, /flash, or /grok-fast to force a specific model
  • Sub-agent calls automatically step down one tier from their parent

Setup

  1. Get at least one API key (Anthropic or Google required; others optional):
  2. Run the setup script: 
    npm run setup
  3. Choose your routing mode (eco / standard / gigachad)

Privacy

  • Prompt content is never stored. Only a SHA-256 hash is logged.
  • All data stays local in ~/.config/clawd-throttle/
  • API keys stored in your local config file

Files

51 total
Select a file
Select a file to preview.

Comments

Loading comments…