← Back to Skills Marketplace
wgj

RedLine

by Weston Johnson · GitHub ↗ · v0.2.0
cross-platform ⚠ suspicious
645
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install redline
Description
Live rate-limit awareness for Claude.ai (Max/Pro) and OpenAI (Plus/Pro/Codex). Never hit the red line again — your agent checks remaining budget every heartb...
Usage Guidance
This skill's goal (live usage/pacing) is reasonable, but the package is incomplete and asks the agent to access sensitive local credentials. Before installing: - Ask the publisher for the missing scripts (scripts/claude-usage and scripts/openai-usage) or for an install spec; do not run undocumented scripts. - Confirm you run this on macOS (it expects the `security` CLI and Keychain) and that OpenClaw is installed if you want OpenAI checks. - Understand that the skill will read OAuth tokens from your Keychain and ~/.openclaw auth-profiles.json; only proceed if you trust the skill owner and have inspected the scripts that will use those tokens. - If you prefer safer testing, request a trimmed-down version that prints API calls without sending tokens, or run the scripts in a sandboxed environment and inspect network traffic. - Because the bundle omits the scripts, treat the current publish as incomplete/untrusted until the missing files and an install mechanism are provided and reviewed.
Capability Analysis
Type: OpenClaw Skill Name: redline Version: 0.2.0 The skill's stated purpose is to provide live rate-limit awareness for AI APIs by reading authentication tokens from macOS Keychain and OpenClaw auth-profiles. The `SKILL.md` instructions for the AI agent direct it to run local scripts (`scripts/claude-usage`, `scripts/openai-usage`) and store their JSON output locally. While these scripts access sensitive tokens, the documentation explicitly states they are used to call legitimate API providers (Anthropic, ChatGPT) for usage data, not for exfiltration or other malicious activities. No evidence of intentional harmful behavior, unauthorized data exfiltration, persistence mechanisms, or malicious prompt injection against the agent is present in the provided files.
Capability Assessment
Purpose & Capability
The declared purpose (checking Anthropic/Claude and OpenAI usage and pacing agent behavior) matches the actions described (reading tokens and calling usage APIs). However, the SKILL.md and README repeatedly reference CLI scripts (scripts/claude-usage, scripts/openai-usage) and OpenClaw integration while the skill bundle contains no code files or install spec. The skill metadata only lists python3 as a required binary but the instructions also require the macOS `security` CLI and OpenClaw to be installed. These missing/undeclared dependencies are an incoherence.
Instruction Scope
Runtime instructions explicitly tell the agent to read the Claude OAuth token from macOS Keychain (service 'Claude Code-credentials') and to read OpenClaw auth profiles at ~/.openclaw/agents/main/agent/auth-profiles.json. Those are sensitive credentials and filesystem reads outside the skill's declared requirements. The instructions also tell the agent to write heartbeat-state.json and to integrate pacing into HEARTBEAT.md. The scope of file and secret access is broader than what the skill metadata declares.
Install Mechanism
There is no install spec (instruction-only), which minimizes package install risk. However, the documentation and SKILL.md assume CLI scripts exist locally under ./scripts — they are not included. That mismatch means the skill as published is incomplete: either it expects external binaries/scripts to already be present (not declared) or the package omits required files.
Credentials
The skill declares no required environment variables or config paths, but the instructions require reading two credential sources (macOS Keychain entry and an OpenClaw auth-profiles JSON). Access to those secrets is proportionate to the stated functionality (you must have tokens to query usage), but because they are not declared in the metadata this is a transparency issue and a potential privacy risk. Users should expect the skill to access OAuth tokens and plan accordingly.
Persistence & Privilege
The skill does not request always:true and does not declare elevated persistent privileges. It will store ephemeral usage readings (heartbeat-state.json) per its instructions, which is normal for a pacing helper. Autonomous invocation is allowed by default (normal for skills) but this combined with the secret access noted above increases the blast radius if the skill were malicious.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install redline
  3. After installation, invoke the skill by name or use /redline
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.2.0
Added OpenAI usage checker, improved Claude token expiry detection, full SKILL.md with pacing tiers and heartbeat integration docs
v0.1.0
redline 0.1.0 – Initial release - Adds live rate-limit monitoring for Claude.ai and OpenAI (Plus/Pro/Codex) plans. - Provides two CLI scripts: claude-usage and openai-usage for checking rate limit status. - Implements a 4-tier pacing strategy (GREEN/YELLOW/ORANGE/RED) to maximize token usage efficiency. - Supports heartbeat integration for automatic pacing and budget awareness. - Offers both human-readable and JSON output for programmatic access. - Requires Python 3 and specific authentication setup for each service.
Metadata
Slug redline
Version 0.2.0
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is RedLine?

Live rate-limit awareness for Claude.ai (Max/Pro) and OpenAI (Plus/Pro/Codex). Never hit the red line again — your agent checks remaining budget every heartb... It is an AI Agent Skill for Claude Code / OpenClaw, with 645 downloads so far.

How do I install RedLine?

Run "/install redline" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is RedLine free?

Yes, RedLine is completely free (open-source). You can download, install and use it at no cost.

Which platforms does RedLine support?

RedLine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created RedLine?

It is built and maintained by Weston Johnson (@wgj); the current version is v0.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments