Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Model Rate Limit Recovery
v1.0.0
Diagnose and recover from model rate limit errors (ChatGPT usage limits, 429 errors). Use when cron jobs or agent sessions fail with "Try again in ~9500 min"...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (model rate limit recovery for OpenClaw) aligns with the CLI commands and cron/session operations in SKILL.md. Recommending API key rotation, model fallback, and cron updates is coherent for this purpose. However, the skill references provider-specific env vars (OPENAI_API_KEYS, OPENCLAW_LIVE_OPENAI_KEY, ANTHROPIC, DEEPSEEK) but the registry metadata lists no required environment variables — an inconsistency that should be clarified.
Instruction Scope
The instructions tell the agent to run commands that enumerate environment variables (env | grep -i OPENAI|ANTHROPIC|DEEPSEEK), grep system logs (/tmp/openclaw/openclaw-*.log), and create persistent scripts under /root/.openclaw/workspace/scripts. Reading env and arbitrary logs can expose unrelated secrets; writing to /root assumes elevated privileges and a particular filesystem layout. Those steps go beyond narrow diagnostics and can touch sensitive data or require admin rights.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — low installation risk because nothing is automatically downloaded or written by the skill bundle itself.
Credentials
The SKILL.md instructs exporting and rotating multiple API keys and searching the environment for provider keys, but the skill did not declare any required env vars in its metadata. Asking operators to set or expose OPENAI/ANTHROPIC/DEEPSEEK keys is reasonable for key rotation functionality, but the instructions as-written encourage wide environment access and storage of secrets (including creating highest-priority keys) without guidance to limit key scope or use least-privilege keys.
Persistence & Privilege
The skill does not request always:true and does not itself persist code, but it instructs creating persistent recovery scripts at /root/.openclaw/workspace/scripts and patching cron jobs. That behavior is plausible for a recovery tool but requires write permissions to system/user paths (and uses an explicit root path), which may be unexpected or inappropriate in some environments.
What to consider before installing
This skill appears to implement reasonable recovery steps for model rate limits, but it asks you (via the instructions) to read environment variables and logs and to create persistent scripts under /root. Before installing or running these instructions:
1) Confirm you trust the OpenClaw CLI and any third-party model providers referenced (DeepSeek, Anthropic).
2) Do not export high-privilege or production API keys; prefer limited-scope or test keys for rotation and recovery testing.
3) Inspect and, if needed, modify the recovery script paths so they don't assume /root or write to system-wide locations.
4) Be aware that running env | grep or log greps can reveal unrelated secrets; run such commands in a controlled/sandboxed environment first.
5) Ask the author to declare required env vars in metadata and to provide explicit least-privilege guidance — the mismatch between metadata (no env vars) and instructions (multiple secret env vars) is the primary red flag.
If you want, test the procedures in a staging environment before applying to production.
Like a lobster shell, security has layers — review code before you run it.
