ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Api Rate Limiter

v1.0.0

Manages API request rates with delay, concurrency limits, configurable policies, automatic retries, and real-time status monitoring.

0· 99·1 current·1 all-time
by@monline-code

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for monline-code/api-rate-limiter.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Api Rate Limiter" (monline-code/api-rate-limiter) from ClawHub.
Skill page: https://clawhub.ai/monline-code/api-rate-limiter
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install api-rate-limiter

ClawHub CLI

Package manager switcher

npx clawhub@latest install api-rate-limiter
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, README, SKILL.md, and scripts coherently implement an API rate limiter with delay, concurrency and config management. Requiring jq and using copy/sleep logic is proportional to that purpose. However, some implementation choices (hard-coded /root default path) don't match the install instructions and expected install locations, which is unexpected for a user-level skill.
!
Instruction Scope
The runtime instructions map to the provided scripts and CLI commands. But the scripts reference and write to /root/.openclaw/workspace/skills/... (DEFAULT_CONFIG_FILE) while install.sh copies files into $HOME/.openclaw/workspace/skills — this mismatch means the skill may try to read/write files in /root unexpectedly. The scripts do not access network endpoints or external secrets, so no obvious data exfiltration, but the filesystem path usage is outside the skill's stated simple scope.
Install Mechanism
There is no remote installer (no downloads). install.sh copies local files into ~/.openclaw/workspace/skills and attempts to create a /usr/local/bin symlink (using sudo if available). No external URLs or archives are fetched. The install is local and traceable, but it attempts to create a system-wide symlink and therefore may ask for sudo.
Credentials
The skill does not request environment variables, credentials, or external tokens. It does require jq (and optionally bc) which is reasonable for JSON parsing and arithmetic. No hidden credential access is present in the code.
!
Persistence & Privilege
The installer will create a symlink in /usr/local/bin (possibly with sudo), giving a system-wide command. More importantly, the scripts write/read a DEFAULT_CONFIG_FILE located under /root — this hard-coded root path may cause the tool to require elevated privileges or to operate inconsistently between users. The skill does not set always:true, nor does it modify other skills, but the root-path behavior increases its privilege/permission footprint unexpectedly.
What to consider before installing
This skill appears to implement the claimed rate-limiting functionality, but there are implementation inconsistencies you should address before installing: 1) The main script uses DEFAULT_CONFIG_FILE and the entrypoint path hard-coded to /root/.openclaw/..., while install.sh installs files under $HOME — fix these paths to be consistent (use $HOME or relative skill dir) to avoid needing root or silently failing. 2) install.sh creates a /usr/local/bin symlink and may call sudo — run the installer with care and inspect the script first. 3) Ensure jq is installed; the scripts exit if jq is missing. 4) Consider running the skill in a sandbox or testing environment first (or manually copy files rather than running install.sh) so you can confirm it doesn't attempt to read/write root-owned paths. If the author intended to require root, ask why; if not, request a patch that removes hard-coded /root references and uses the installed skill directory or $HOME consistently.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rz8g7tv50bthpyzz1rjm4s83qcjt
99downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@monline-code
latest
Download

API Rate Limiter

概述

全局API请求频率限制器,用于管理API请求的频率,防止触发服务提供商的限流机制。

功能特性

1. 请求频率控制

  • 智能延迟管理
  • 并发请求限制
  • 时间窗口限流

2. 配置管理

  • 动态配置加载
  • 策略调整
  • 状态监控

3. 服务集成

  • 全局API请求拦截
  • 自动限流应用
  • 失败重试机制

使用方法

应用请求延迟

api-rate-limiter apply-delay [request-type]

检查限流状态

api-rate-limiter check-status

查看当前配置

api-rate-limiter show-config

更新配置

api-rate-limiter update-config --key value

支持的请求类型

  • light: 轻量请求 (默认延迟 300ms)
  • medium: 中量请求 (默认延迟 600ms)
  • heavy: 重量请求 (默认延迟 1000ms)
  • custom: 自定义延迟

配置项

  • base_delay_ms: 基础延迟毫秒数
  • max_requests_per_minute: 每分钟最大请求数
  • max_requests_per_hour: 每小时最大请求数
  • concurrency_limit: 并发请求数限制
  • retry_count: 重试次数
  • cache_enabled: 是否启用缓存

Comments

Loading comments...