ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Rate Limit Manager

v1.0.0

Manage and enforce API request rate limits and quotas with adaptive throttling, multi-service support, alerts, and usage visualization.

0· 33·0 current·0 all-time
by@sky-lv

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sky-lv/rate-limit-manager.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Rate Limit Manager" (sky-lv/rate-limit-manager) from ClawHub.
Skill page: https://clawhub.ai/sky-lv/rate-limit-manager
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install rate-limit-manager

ClawHub CLI

Package manager switcher

npx clawhub@latest install rate-limit-manager
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises persistent, multi-service features (visualization dashboard, alerts, distributed rate limiting) but the registry entry contains no code, no homepage, no install, and no required credentials or config paths. SKILL.md itself mentions Node.js 18+ and Redis (optional) which contradicts the declared 'required binaries: none' and the fact that there is no install or source — it's unclear how the advertised functionality would be provided.
Instruction Scope
SKILL.md contains high-level features and example natural-language 'commands' but no concrete runtime instructions, integration endpoints, persistence strategy, or where dashboards/alerts are hosted. The instructions are vague and grant broad discretion (e.g., 'enable auto-throttling') without specifying how state or network access is managed; however they do not explicitly direct reading unrelated files or secrets.
Install Mechanism
There is no install spec (instruction-only), which lowers direct install risk. However SKILL.md lists Node.js 18+ and Redis as prerequisites while the skill metadata declares no required binaries — a mismatch that suggests missing installation guidance or omitted code that should have been included.
Credentials
No environment variables, credentials, or config paths are declared. For a real multi-service rate limiter you'd expect API keys, webhook endpoints, or storage credentials; their absence is unexplained and may indicate the skill is incomplete or expects the agent to ask the user for secrets at runtime.
Persistence & Privilege
The skill does not request persistent privileges (always:false) and does not declare access to other skills' configs. There is no explicit request to enable itself or modify system-wide settings.
Scan Findings in Context
[no-regex-findings] unexpected: The static scanner found no code to analyze (instruction-only). Absence of findings is expected for an instruction-only skill but does not imply the skill actually implements the advertised features.
What to consider before installing
This skill appears incomplete: it claims dashboards, alerts, and distributed rate limiting but provides no code, no install steps, no source repo, and no declared integrations or credentials. Before installing or trusting it, ask the publisher for: (1) a link to the source/repo or packaged code, (2) clear install instructions and required binaries (Node.js/Redis) and where state is stored, (3) a list of required environment variables or API keys and where alerts/dashboards are hosted, and (4) a security review or audit of the code. If you must test it, run it in an isolated environment, do not supply production API keys or secrets, and require code review/auditing first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d8z1qg175r21avcmywjwagn85ng91
33downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@sky-lv
latest
Download

rate-limit-manager

Intelligent API rate limiting and quota management for AI agents. Control request rates, enforce quotas, and prevent API abuse.

Overview

A comprehensive rate limiting assistant that helps agents implement and manage rate limits across multiple APIs and services.

Features

  • Rate Limiting: Token bucket, sliding window, fixed window algorithms
  • Quota Management: Daily, weekly, monthly usage quotas
  • Multi-Service: Manage limits across multiple APIs simultaneously
  • Adaptive Throttling: Automatically adjust based on 429 responses
  • Visualization: Dashboard showing usage and limits
  • Alerts: Notify when approaching limits
  • Retry Logic: Smart retry with exponential backoff

Commands

Set Rate Limit

limit requests to 100 per minute for api-key-123

Check Quota

check remaining quota for openai-api

Enable Adaptive Throttling

enable auto-throttling for external-api

Use Cases

  • API quota management
  • Prevent service abuse
  • Cost control
  • Rate limit implementation
  • Multi-service rate coordination

Requirements

  • Node.js 18+
  • Redis (optional, for distributed rate limiting)

Comments

Loading comments...