AI守门人 (AI Gatekeeper)

by 394286006 · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
312 Downloads · 0 Stars · 0 Active Installs · 5 Versions
Install in OpenClaw
/install llm-proxy
Description
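LLM API proxy service management tool. Supports multi-provider forwarding (Bailian/OpenRouter/NVIDIA), content safety auditing, and health monitoring. Use cases: (1) start/stop/restart the proxy service; (2) view proxy status and statistics; (3) configure content filtering rules.
README (SKILL.md)

LLM Proxy Skill

An LLM API proxy service that manages multiple LLM providers through one endpoint and supports content safety auditing.

Features

  • Unified proxy for multiple providers (22+ providers)
  • Content safety auditing (malicious instruction detection, sensitive content filtering)
  • Real-time detection on streaming responses
  • Health status monitoring

Usage

Start the proxy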

启动llm-proxy

Stop the proxy

停止llm-proxy

Check status

llm-proxy状态

Restart the proxy

重启llm-proxy

Manual operation

From the skill directory, run:

Start

./scripts/llm-proxy-ctl.sh start

Stop

./scripts/llm-proxy-ctl.sh stop

Status

./scripts/llm-proxy-ctl.sh status

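Restart

./scripts/llm-proxy-ctl.sh restart

Configuration

Configuration file: scripts/llm-proxy-config.json

Basic settings

| Field | Default | Description |
|---|---|---|
| listen_host | 127.0.0.1 | Listen address |
| proxy_port | 18888 | Proxy port |
| read_timeout | 60 | Read timeout (seconds) |
| max_body_size_mb | 10 | Maximum request body size (MB) |
| max_threads | 50 | Maximum number of threads |

Security detection settings

| Setting | Description |
|---|---|
| rules_file | Content filtering rules file |
| quick_check_keywords | Keyword list for the quick check |

Changing the port

Edit the proxy_port field in llm-proxy-config.json, then restart the service for the change to take effect.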


Supported providers

Free / free tier

  • ollama - local Ollama
  • gemini - Google Gemini
  • groq - Groq
  • cloudflare - Workers AI
  • deepseek - DeepSeek
  • moonshot - Moonshot AI (月之暗面)
  • zhipu - Zhipu AI (智谱)
  • siliconflow - SiliconFlow

Paid

  • openai - OpenAI
  • anthropic - Anthropic
  • openrouter - OpenRouter
  • nvd - NVIDIA NIM
  • bailian - Alibaba Bailian (阿里百炼)
  • baidu - Baidu ERNIE (百度文心)
  • spark - iFlytek Spark (讯飞星火)
  • minimax - MiniMax
  • yi - 01.AI (零一万物)
  • baichuan - Baichuan (百川)
  • together - Together AI
  • fireworks - Fireworks AI
  • replicate - Replicate

Health check

curl http://127.0.0.1:18888/health

Example response:

{
  "status": "ok",
  "uptime": 3600,
  "rules_loaded": {
    "layer1": 10,
    "layer2": 7,
    "whitelist": 6
  },
  "stats": {
    "total_requests": 100,
    "total_responses": 98,
    "blocked": 0,
    "errors": 2
  }
}

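Security detection mechanism

Three-layer review

  1. L1 - Malicious instruction detection: dangerous commands, privilege escalation, SQL injection, backdoors, and similar
  2. L2 - Sensitive content detection: personally identifiable information, credentials and keys, illegal content
  3. Quick keyword check: real-time detection of risk keywords in streaming responses

Streaming response detection

  • One check every 100 characters
  • A warning is injected when a risk keyword is found
  • The response is blocked on a severe violation

Custom keywords

Edit the quick_check_keywords array in llm-proxy-config.json to add new keywords.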
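
A sketch of the interval-based streaming check described above, added here as an illustration and not taken from scripts/llm-proxy.py. The split into warn and block keyword lists, the notice texts and all names are assumptions; it carries a short tail between checks so that a keyword split across two 100-character intervals is still matched, and it checks the final partial interval when the stream ends.

```python
CHECK_INTERVAL = 100  # README: one check per 100 characters
WARNING = "\n[proxy notice: risk keyword detected]\n"  # hypothetical wording
BLOCKED = "\n[proxy: response blocked]\n"              # hypothetical wording

class StreamScanner:
    def __init__(self, warn_keywords, block_keywords):
        # Separate warn and block lists are an assumption of this sketch.
        self.warn = [k.lower() for k in warn_keywords]
        self.block = [k.lower() for k in block_keywords]
        longest = max((len(k) for k in self.warn + self.block), default=1)
        self.overlap = longest - 1  # carried over so a split keyword is still seen
        self.tail = ""              # end of the text that was already checked
        self.pending = ""           # text received since the last check
        self.warned = set()         # warn keywords already reported once
        self.blocked = False

    def check(self):
        window = (self.tail + self.pending).lower()
        self.tail = window[-self.overlap:] if self.overlap else ""
        self.pending = ""
        if any(k in window for k in self.block):
            self.blocked = True
            return "block"
        new = {k for k in self.warn if k in window} - self.warned
        self.warned |= new
        return "warn" if new else "pass"

    def feed(self, chunk):
        if self.blocked:
            return "block"
        self.pending += chunk
        return self.check() if len(self.pending) >= CHECK_INTERVAL else "pass"

    def finish(self):
        # Without this, up to 99 trailing characters would never be checked.
        return self.check() if self.pending and not self.blocked else "pass"

def relay(chunks, scanner):
    """Forward chunks, appending a notice or cutting the stream as checks fire."""
    out = []
    for chunk in chunks:
        action = scanner.feed(chunk)
        if action == "block":
            return out + [BLOCKED]
        out.append(chunk)
        if action == "warn":
            out.append(WARNING)
    last = scanner.finish()
    return out + ([] if last == "pass" else [BLOCKED if last == "block" else WARNING])
```

In this sketch, chunks that arrive before an interval fills are forwarded before they are checked, so a block stops the rest of the stream but cannot recall text already sent; holding back the unchecked window trades latency for that guarantee.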


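Logs

Log directory: ~/.openclaw/logs/llm-proxy/

  • proxy-YYYY-MM-DD.jsonl - request log
  • ctl-service.log - service log (when started manually)

Notes

  • Default port is 18888
  • Listens only on local 127.0.0.1
  • No automatic monitoring; the service must be managed manually
  • The service must be restarted after a configuration change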
Usage Guidance
This skill is largely consistent with its advertised purpose, but proceed cautiously. Before installing or running:
  1. Inspect the code paths that perform logging and confirm whether Authorization headers or request bodies are sanitized — if not, assume API keys and sensitive payloads will be written to ~/.openclaw/logs/llm-proxy and adjust log permissions/rotation or modify the code to redact sensitive headers.
  2. Keep the proxy bound to 127.0.0.1 (do not change listen_host to 0.0.0.0) unless you intend to expose it and understand the network risks.
  3. Do not enable the L3 (third-layer) LLM review unless you know which external model/gateway it will call and you trust that endpoint and its credential handling.
  4. If you will forward requests to upstream providers, prefer injecting provider keys at the client side and avoid reuse of long-lived keys in automatic contexts; consider adding explicit logging redaction for Authorization and common key patterns.
  5. Review and harden file permissions for the log directory and config files, and verify the behavior of scripts/llm-proxy.py in full (the file provided here was truncated) before running in production.
If you are uncomfortable with local logging of request content or enabling external L3 review, treat this skill as untrusted or run it in an isolated environment.
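
One way to implement the log redaction and file-permission hardening this guidance asks for, as an added example rather than the skill's own LogWriter. The entry layout (`headers`, `body`), the field-name list and the two key patterns are assumptions; the file name follows the proxy-YYYY-MM-DD.jsonl convention from the README.

```python
import datetime
import json
import os
import re

MASK = "[REDACTED]"
# Header and JSON field names whose values are always masked (assumed list).
SENSITIVE_NAMES = {"authorization", "proxy-authorization", "x-api-key",
                   "api-key", "api_key", "apikey", "token", "secret", "password"}
# Assumed key shapes: "Bearer <token>" and "sk-..." style keys; extend per provider.
KEY_PATTERNS = [
    re.compile(r"\bbearer\s+[A-Za-z0-9._~+/=-]{8,}", re.IGNORECASE),
    re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"),
]

def redact_entry(value):
    """Return a copy with sensitive fields and key-like substrings masked."""
    if isinstance(value, str):
        for pattern in KEY_PATTERNS:
            value = pattern.sub(MASK, value)
        return value
    if isinstance(value, list):
        return [redact_entry(v) for v in value]
    if isinstance(value, dict):
        return {k: MASK if str(k).lower() in SENSITIVE_NAMES else redact_entry(v)
                for k, v in value.items()}
    return value

def append_log(entry, log_dir):
    """Append one redacted JSONL record; directory 0700, file 0600."""
    os.makedirs(log_dir, mode=0o700, exist_ok=True)
    name = "proxy-%s.jsonl" % datetime.date.today().isoformat()
    path = os.path.join(log_dir, name)
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file created earlier with wider modes
    with os.fdopen(fd, "a", encoding="utf-8") as handle:
        handle.write(json.dumps(redact_entry(entry), ensure_ascii=False) + "\n")
    return path
```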
Capability Analysis
Type: OpenClaw Skill
Name: llm-proxy
Version: 1.0.4
The skill provides an LLM proxy with content filtering and credential redaction. It is classified as suspicious due to a shell injection vulnerability in `scripts/llm-proxy-common.sh`, where the `get_config` function interpolates the `$key` and `$CONFIG_FILE` variables directly into a `python3 -c` command string without sanitization. While the core logic in `scripts/llm-proxy.py` is security-oriented—implementing local-only binding, multi-layer regex auditing (defined in `scripts/content-filter-rules.json`), and active redaction of API keys in logs—the insecure handling of shell arguments in the helper scripts constitutes a vulnerability that could be exploited if configuration parameters were influenced by untrusted input.
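
The flagged pattern beside one way to fix it, as an added example that is not the skill's code. `build_unsafe_source` is an assumed reconstruction of how a value pasted into a `python3 -c` string becomes program text (the real `get_config` is not shown on this page); `get_config` keeps the program constant and passes the path and key as arguments. All names and the sample key are constructed.

```python
import ast
import subprocess
import sys

# Assumed shape of the flagged pattern: values pasted into the -c program text.
def build_unsafe_source(config_file, key):
    return "import json; print(json.load(open('%s'))['%s'])" % (config_file, key)

# Hardened form: the program text is constant; values arrive as argv data.
SAFE_SOURCE = (
    "import json, sys\n"
    "cfg = json.load(open(sys.argv[1], encoding='utf-8'))\n"
    "print(cfg.get(sys.argv[2], ''))\n"
)

def get_config(config_file, key):
    """Read one top-level key; config_file and key are never parsed as code."""
    proc = subprocess.run(
        [sys.executable, "-c", SAFE_SOURCE, config_file, key],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.strip()

def statement_count(source):
    """Number of top-level statements; the source is parsed, never executed."""
    return len(ast.parse(source).body)

# Constructed key containing a quote: in the interpolated form it closes the
# string literal early and contributes a statement of its own.
SAMPLE_KEY = "proxy_port']); print(['x"
```

In the shell helper the same fix is to single-quote the constant program and pass "$CONFIG_FILE" and "$key" as trailing arguments that the program reads from sys.argv.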
Capability Assessment
Purpose & Capability
Name/description (LLM proxy + content auditing) match the files and runtime instructions: control scripts, a Python proxy, config and filtering rules. The listed provider endpoints align with a multi-provider proxy. There are no surprising external service credentials requested in metadata.
Instruction Scope
SKILL.md and README instruct running the provided scripts (./scripts/llm-proxy-ctl.sh) and editing scripts/llm-proxy-config.json; the code reads that config and writes logs under ~/.openclaw/logs/llm-proxy. That is expected for a proxy. Caveat: the skill appears to log request information (request logs described in README and a LogWriter in code). Logged request entries may include headers or bodies that contain API keys or other secrets unless explicitly sanitized. SKILL.md does not mention redaction. Also the rules include an optional L3 review model (disabled by default) which, if enabled, could cause outbound model calls.
Install Mechanism
No install spec; this is instruction-only with bundled scripts. Nothing is downloaded from remote hosts during install. The code is included in the skill bundle, so no external install URLs or archive extraction risks are present.
Credentials
The registry metadata declares no required env vars or credentials, which is consistent with a local proxy. However the code does read optional environment variables (LLM_PROXY_CONFIG, LLM_PROXY_PORT, RULES_FILE) and will forward whichever Authorization header the client supplies to upstream providers. Users may therefore send provider API keys through the proxy; combined with local logging, those keys could be stored. No unrelated credentials are requested by the skill itself.
Persistence & Privilege
always:false and no special platform privileges requested. The skill writes logs and PID files to user-owned locations (~/.openclaw, /tmp) — normal for a local service. It does not request to auto-enable itself or modify other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install llm-proxy
  3. After installation, invoke the skill by name or use /llm-proxy
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
  • Major documentation update: simplified and reorganized SKILL.md for improved readability and user guidance.
  • Replaced _meta.json and reference docs with a single configuration and shared script file.
  • Added new config file: scripts/llm-proxy-config.json for centralized and clearer service configuration.
  • Added utility script: scripts/llm-proxy-common.sh.
  • Clarified and categorized all supported providers and security layers.
  • Expanded instructions for both command and manual usage, service logging, and advanced content filtering settings.
v1.0.3
  • Added detailed usage and feature documentation to SKILL.md, including command triggers and internal logic.
  • Switched configuration and troubleshooting content into separate reference files.
  • Removed direct configuration example and script files from the main project structure.
  • Streamlined provider details and security auditing explanation for better clarity.
  • Updated description and usage scenarios for greater accessibility.
v1.0.2
  • Added configuration documentation (configuration.md) and sample config/scripts files.
  • Improved configuration instructions; new config file path is scripts/llm-proxy-config.json.
  • Expanded and updated list of supported LLM providers (now 22+).
  • Reorganized and clarified usage instructions, including manual operations and health check.
  • Old references and troubleshooting docs removed; new documentation is more concise and consolidated.
v1.0.1
  • Added trigger patterns and shell command integrations to SKILL.md for easier command-line usage.
  • Added quick command summary table for direct skill invocation.
  • Introduced references/configuration.md documentation.
  • Removed scripts/llm-proxy-quick.sh script.
  • Updated content security and audit rule descriptions; clarified audit logic and rule items.
  • Minor clarifications and improvements across documentation for clarity.
v1.0.0
  • Initial release of llm-proxy, a local LLM API proxy service management tool.
  • Supports multi-provider forwarding (Bailian, OpenRouter, NVIDIA NIM).
  • Integrates content safety auditing with two-layer rule-based checking.
  • Provides real-time request statistics, logging, and health monitoring endpoints.
  • Includes control scripts for starting, stopping, restarting, and monitoring the proxy service.
  • Offers configurable content filtering and detailed logs for requests and service activity.
Metadata
Slug llm-proxy
Version 1.0.4
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is AI守门人?

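LLM API proxy service management tool. Supports multi-provider forwarding (Bailian/OpenRouter/NVIDIA), content safety auditing, and health monitoring. Use cases: (1) start/stop/restart the proxy service; (2) view proxy status and statistics; (3) configure content filtering rules. It is an AI Agent Skill for Claude Code / OpenClaw, with 312 downloads so far.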

How do I install AI守门人?

Run "/install llm-proxy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is AI守门人 free?

Yes, AI守门人 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does AI守门人 support?

AI守门人 is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created AI守门人?

It is built and maintained by 394286006 (@394286006); the current version is v1.0.4.
