ratelint
v1.0.0
Rate limiting & API throttling anti-pattern analyzer -- detects missing rate limits, brute force exposure, no backoff strategies, unbounded queues, retry sto...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (rate‑limit anti‑pattern analyzer) match the included scripts, patterns, and the use of lefthook for git hook integration. Required binaries (git, bash) and the brew dependency (lefthook) are reasonable for the stated functionality.
Instruction Scope
Runtime instructions and scripts perform local file discovery and regex scanning, produce reports, and integrate with git hooks. They do read the user's OpenClaw config (~/.openclaw/openclaw.json) as a license key fallback; that is consistent with the license flow but is an extra config read the user should expect. The pre-commit and pre-push hooks will run scans automatically (pre-push runs a full scan of the working tree), which can be intrusive or slow in large repos.
Install Mechanism
Install specification is a single well-known brew formula (lefthook) to manage git hooks. No downloads from unknown hosts or archive extraction are present. Note: brew usage may be platform-limited (Windows users may need Git Bash / alternate installation).
Credentials
The only declared primary credential is RATELINT_LICENSE_KEY, which the license module legitimately uses to unlock paid tiers. The license module also looks in ~/.openclaw/openclaw.json for a stored key (using python/node/jq fallbacks). Reading that config file is proportionate to retrieving a locally stored license key, but users should be aware the skill will try to read that file (it extracts only ratelint.apiKey).
Persistence & Privilege
The skill does not request 'always: true'. It offers to install lefthook hooks which will modify a repository's lefthook.yml and run lefthook install; this changes repository behavior by adding pre-commit/pre-push scans. This is expected for a linter but is persistent and can affect normal git workflows.
Assessment
This skill appears to do what it claims: local regex-based scanning for rate‑limit and throttling anti‑patterns. Before installing, note that:
- It will attempt to install or use lefthook (brew lefthook) to add pre-commit / pre-push hooks; these hooks will run scans automatically and modify lefthook.yml in your repo.
- Paid features require RATELINT_LICENSE_KEY; if not set, the skill will look in ~/.openclaw/openclaw.json for a stored key. If you keep other secrets in that file, be aware the skill reads it to extract ratelint.apiKey.
- The scanner is entirely local and uses grep/regex patterns; expect false positives and potential performance impact on large repositories, especially when pre-push triggers a full scan.
Recommendations: review the lefthook.yml changes before committing them, place your license key in the environment or in an appropriate config store you control, and run the scan manually on a small repo first to verify behavior. If you need stricter isolation, run the skill inside a disposable environment or CI job rather than enabling automatic hooks globally.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🚦 Clawdis
OS: macOS · Linux · Windows
Bins: git, bash
Primary env: RATELINT_LICENSE_KEY
Install
Install lefthook (git hooks manager)
Bins: lefthook
brew install lefthook