← Back to Skills Marketplace
396
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install chitin-core
Description
Selects the most cost-effective capable model for tasks, handles rate limit failures gracefully, and supports tier overrides and health checks.
README (SKILL.md)
chitin-core
Route tasks to the cheapest capable model. Never crash on rate limits.
Activation
When spawning sub-agents or delegating tasks, use ModelRouter to select the optimal model.
Trigger phrases: "route this", "spawn a sub-agent", "delegate", or any time you need to choose a model for a task.
Usage
Route a Task
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js route "task description here"
Returns JSON:
{"tier":"MEDIUM","model":"google-antigravity/gemini-3.1-pro","confidence":0.85,"estimatedCost":0.005,"signals":["codeSignals:2×1.2=2.4"]}
Use the returned model value in sessions_spawn.
Handle Failures
If a spawned session fails with a rate limit or error:
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js fail "provider/model" "error message"
Then re-route — the failed model will be skipped:
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js route "same task"
Check Health
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js health
View Costs
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js costs
Validate Config
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js validate
Workflow
- Receive task from user
- Run
router.js route "\x3Ctask>"to get optimal model sessions_spawnwith returned model- If spawn fails →
router.js fail "\x3Cmodel>" "\x3Cerror>"→ retry route - Return result to user
Tiers
| Tier | Use Case | Models |
|---|---|---|
| LIGHT | Greetings, simple Q&A, status checks | Flash, DeepSeek, gpt-5-mini, Groq, Ollama |
| MEDIUM | Code, summaries, standard tasks | Gemini Pro, gpt-5.2, DeepSeek Reasoner |
| HEAVY | Architecture, complex reasoning, agentic | gpt-5.2-pro, o3, Codex |
Override Tags
Include in task text to force a tier:
@light— force cheapest model@medium— force mid-tier@heavy— force most capable
Graceful Degradation
If all models in a tier are rate-limited, the router automatically:
- Tries adjacent tiers (escalate or downgrade)
- Falls back to local Ollama if configured
- Returns structured error with retry time (never crashes)
Configuration
Edit config.json in the skill directory to:
- Add/remove models per tier
- Adjust cost figures
- Tune classification boundaries
Usage Guidance
What to check before installing:
- This skill's code matches its stated routing functionality, but it expects provider API keys (Anthropic/OpenAI/OpenRouter) via environment variables or ~/.openclaw/workspace/.secrets even though the registry declares none. If you don't want it to use your provider credentials, do not supply those env vars or secret files.
- provider-sync.js contains a hardcoded Telegram bot token and chat id that will send notifications to an external bot. If you run provider-sync (manually or scheduled), either remove/replace the hardcoded token or disable Telegram notifications.
- The sync script references a remote Ollama Forge IP; audit any network endpoints before enabling automated sync/cron jobs.
- The router script reads and writes files under ~/.openclaw (openclaw.json, memory state) — review those paths and back up configs if needed.
- Recommendation: review the two shipped scripts (provider-sync.js and router.js) line-by-line in a safe environment. If you plan to run provider-sync automatically, consider running it in dry-run mode first, remove hardcoded tokens, and restrict network access to only the providers you trust.
- If you lack the ability to audit code, treat this skill as untrusted and avoid running provider-sync or supplying provider credentials.
Capability Analysis
Type: OpenClaw Skill
Name: chitin-core
Version: 1.0.0
The `scripts/provider-sync.js` file is suspicious due to the presence of a hardcoded Telegram bot token and chat ID (8547915559:AAGqJlIiflFVBayXwT5GS5DsWyBTW_vlfw8 to chat ID 1156712793). While the script's stated purpose is to send benign notifications about model synchronization, this hardcoded external communication channel creates a significant data exfiltration vulnerability. An attacker could potentially leverage other vulnerabilities (e.g., command injection or prompt injection against the agent) to inject sensitive data into the notification message, leading to unauthorized data exfiltration. Additionally, the script accesses API keys from `~/.openclaw/workspace/.secrets` files, increasing the potential impact if the communication channel were to be exploited.
Capability Assessment
Purpose & Capability
router.js and provider-sync.js implement model routing, tier logic, failover, health and cost tracking — consistent with the name/description. However the skill implicitly requires access to provider APIs and the user's OpenClaw config (process.env, ~/.openclaw/openclaw.json, and ~/.openclaw/workspace/.secrets) even though registry metadata declares no required env vars or config paths.
Instruction Scope
SKILL.md documents using scripts/router.js (route/fail/health/etc.) which is in-scope, but it omits mention of the provider-sync script that will query provider APIs and can update config.json and send Telegram notifications. The runtime code reads/writes files under the user's home (~/.openclaw), including openclaw.json and a persistent state file, and will consult .secrets for API keys — actions not described in SKILL.md.
Install Mechanism
Instruction-only skill with no install spec; nothing is automatically written to disk by an installer. The risk comes from runtime file I/O performed by the shipped scripts, not from an installer or remote downloads.
Credentials
Provider-sync expects API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY) via environment or fallback files, but the registry metadata lists no required env vars. Additionally provider-sync contains a hardcoded Telegram bot token and chat ID, and references a remote Ollama Forge host IP — these are unexpected for a routing helper and could lead to external network activity.
Persistence & Privilege
Skill is not always:true and does not autonomously register itself in the registry, but its scripts write persistent state to ~/.openclaw/workspace/memory/modelrouter-state.json and can update config.json in the skill directory. README suggests a cron schedule for provider-sync (runs nightly), implying persistent external network activity if enabled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install chitin-core - After installation, invoke the skill by name or use
/chitin-core - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: unified model routing, cost optimization, provider failover, and nightly provider sync. The engine of the Chitin agentic OS.
Metadata
Frequently Asked Questions
What is chitin-core?
Selects the most cost-effective capable model for tasks, handles rate limit failures gracefully, and supports tier overrides and health checks. It is an AI Agent Skill for Claude Code / OpenClaw, with 396 downloads so far.
How do I install chitin-core?
Run "/install chitin-core" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is chitin-core free?
Yes, chitin-core is completely free (open-source). You can download, install and use it at no cost.
Which platforms does chitin-core support?
chitin-core is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created chitin-core?
It is built and maintained by adroidian (@adroidian); the current version is v1.0.0.
More Skills