Agent Rate Limiter
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
This skill is reasonable to use if you want local throttling, but review the prompt/cron integration carefully because it can cause the agent to skip work. Keep the state file scoped to a safe local path and inspect the full script before installing, especially because the supplied artifact excerpt was partially truncated. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent may skip or stop tasks when the limiter reports a critical or paused state.
The skill asks users to add instructions that can change whether the agent proceeds with work. This is disclosed and aligned with rate limiting, but it affects agent goals and stopping conditions.
### In AGENTS.md / system prompt: ... Before expensive operations: `python3 scripts/rate-limiter.py gate` ... Exit 2 → stop all non-essential work
Only add these instructions if you want the limiter to control agent activity, and test the gate/status behavior before relying on it.
Incorrect use of pause, reset, or set-limit could make the agent stop too often or fail to throttle enough.
The skill exposes local commands that mutate rate-limit state and control agent activity. The command surface is narrow and purpose-aligned, but automated loops should not run state-changing commands unintentionally.
python3 scripts/rate-limiter.py <command> [args] ... pause [minutes] ... resume ... set-limit <n> ... reset
Wire only the needed commands into automation, keep reset/set-limit as deliberate maintenance actions, and monitor status output during initial use.
The agent may throttle, pause, or resume based on saved local state rather than the immediate user request.
The local JSON file persists counters, tier, and pause status that later gate checks rely on. This is expected for the skill, but stale or tampered state can influence future behavior.
"tier": "ok", "estimatedPct": 0, "pausedUntil": null, "window": { "requests": [], "estimatedLimit": 200 }
Keep the state file in the skill directory or another controlled location, avoid sharing it, and use status/reset if the limiter behaves unexpectedly.
A timer or cron entry could keep changing limiter state after the original task is over.
The integration guide suggests a scheduled resume action that can outlive the immediate task. It is user-directed and limited to rate-limit recovery, but it is still a persistent automation hook.
Set a timer/cron to run `python3 scripts/rate-limiter.py resume` at the pausedUntil time
Only add scheduled resume jobs where intended, document them, and remove them if you uninstall or stop using the skill.
