← Back to Skills Marketplace
89
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gh-ratelimiter
Description
In-memory sliding window rate limiter for AI agents. Create rate limits per API key, check quota before calling, consume requests, reset, and list all limits...
README (SKILL.md)
RateLimiter
Track and enforce rate limits so your agent doesn't get throttled.
Start the server
uvicorn ratelimiter.app:app --port 8012
Create a rate limit
curl -s -X POST http://localhost:8012/v1/limits \
-H "Content-Type: application/json" \
-d '{"key": "openai-api", "max_requests": 60, "window_seconds": 60}' | jq
Check before calling
curl -s http://localhost:8012/v1/check/openai-api | jq '.allowed'
Consume after calling
curl -s -X POST http://localhost:8012/v1/consume/openai-api | jq
Returns allowed (true/false), remaining, and retry_after_seconds (how long to wait if exhausted).
List all limits
curl -s http://localhost:8012/v1/limits | jq
Reset quota
curl -s -X POST http://localhost:8012/v1/reset/openai-api | jq
Delete a limit
curl -s -X DELETE http://localhost:8012/v1/limits/openai-api | jq
Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /v1/limits | Create/update a rate limit |
| GET | /v1/limits | List all rate limits |
| GET | /v1/check/{key} | Check if next request is allowed |
| POST | /v1/consume/{key} | Use one request from quota |
| POST | /v1/reset/{key} | Reset quota to full |
| DELETE | /v1/limits/{key} | Delete a rate limit |
Usage Guidance
This skill appears to be what it claims: a simple in-memory FastAPI rate limiter. Before installing, consider: (1) run it in an isolated environment (virtualenv or container) to limit package scope; (2) ensure the installer will use PyPI/pip (verify the platform's 'uv' install kind resolves to pip); (3) do not bind the server to a public interface — use --host 127.0.0.1 or put it behind an authenticated proxy/firewall, because the API is unauthenticated and can create/delete limits; (4) if you intend to share this across processes, add authentication or network controls to avoid unauthorized manipulation of limits. If you want a review of adding authentication or deployment-hardening (example uvicorn flags, OAuth/Basic auth, or reverse-proxy config), provide how you plan to run it and I can suggest concrete changes.
Capability Analysis
Type: OpenClaw Skill
Name: gh-ratelimiter
Version: 1.0.0
The gh-ratelimiter skill is a standard utility for managing API rate limits in-memory. The implementation in ratelimiter/app.py and ratelimiter/state.py uses FastAPI and a sliding window algorithm (deque of timestamps) to track requests, which aligns perfectly with its stated purpose. No indicators of data exfiltration, malicious execution, or prompt injection were found.
Capability Assessment
Purpose & Capability
The name/description match the included code and SKILL.md. The FastAPI app implements the described endpoints (create/check/consume/reset/list/delete) and the files implement an in-memory sliding-window limiter. Required binaries and packages (python, fastapi, uvicorn, pydantic) are appropriate for the stated purpose.
Instruction Scope
SKILL.md's runtime instructions are narrowly scoped: start uvicorn on port 8012 and use the documented HTTP endpoints. It does not instruct the agent to read unrelated files or environment variables. However, the HTTP API is unauthenticated by default (no auth/ACLs) and will accept create/update/delete calls from any client that can reach the port — this is expected functionally but is a security consideration the user should be aware of.
Install Mechanism
The install lists pip packages (fastapi, uvicorn, pydantic), which is proportionate. There is no download from arbitrary URLs or archive extraction. One minor oddity: the install 'kind' is shown as "uv" in the metadata (nonstandard identifier); confirm the platform's installer will run pip in a trusted way. Overall low-to-moderate install risk.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not access secrets or external services. This credential footprint is minimal and appropriate for an in-memory rate limiter.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or persistent system configuration. It runs an in-memory server that listens on a network port; because it is unauthenticated, running it on a machine accessible to untrusted networks could expose the API. Consider restricting binding to localhost, firewalling the port, or adding auth.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gh-ratelimiter - After installation, invoke the skill by name or use
/gh-ratelimiter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of gh-ratelimiter.
- Provides an in-memory sliding window rate limiter with REST API.
- Allows creation and management of per-key API rate limits.
- Includes endpoints to check quota, consume requests, reset, and list limits.
- Helps AI agents avoid exceeding external API rate limits.
Metadata
Frequently Asked Questions
What is Ratelimiter?
In-memory sliding window rate limiter for AI agents. Create rate limits per API key, check quota before calling, consume requests, reset, and list all limits... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install Ratelimiter?
Run "/install gh-ratelimiter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ratelimiter free?
Yes, Ratelimiter is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ratelimiter support?
Ratelimiter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ratelimiter?
It is built and maintained by mirni (@mirni); the current version is v1.0.0.
More Skills