Manages API request rates with delay, concurrency limits, configurable policies, automatic retries, and real-time status monitoring.

This skill appears to implement the claimed rate-limiting functionality, but there are implementation inconsistencies you should address before installing: 1) The main script uses DEFAULT_CONFIG_FILE and the entrypoint path hard-coded to /root/.openclaw/..., while install.sh installs files under $HOME — fix these paths to be consistent (use $HOME or relative skill dir) to avoid needing root or silently failing. 2) install.sh creates a /usr/local/bin symlink and may call sudo — run the installer with care and inspect the script first. 3) Ensure jq is installed; the scripts exit if jq is missing. 4) Consider running the skill in a sandbox or testing environment first (or manually copy files rather than running install.sh) so you can confirm it doesn't attempt to read/write root-owned paths. If the author intended to require root, ask why; if not, request a patch that removes hard-coded /root references and uses the installed skill directory or $HOME consistently.

Type: OpenClaw Skill Name: api-rate-limiter Version: 1.0.0 The skill provides a local API rate limiting utility, but contains high-risk patterns and vulnerabilities. Specifically, 'install.sh' attempts to use 'sudo' to create a global symbolic link in '/usr/local/bin', which is an unnecessarily privileged action for a local skill. Additionally, the 'update_config' function in 'scripts/api-rate-limiter.sh' is vulnerable to injection because it inserts the user-provided '--key' argument directly into a 'jq' filter string without sanitization. The scripts also contain inconsistent hardcoded paths (e.g., referencing '/root/'), which is atypical for standard user-space skills.