← Back to Skills Marketplace
564
Downloads
0
Stars
2
Active Installs
9
Versions
Install in OpenClaw
/install clawapi-manager
Description
OpenClaw-native API management and cost optimization. Multi-provider key management, real-time monitoring, smart routing, and automated failover.
README (SKILL.md)
ClawAPI Manager
🔧 Professional API management and cost optimization for OpenClaw deployments
English
Overview
ClawAPI Manager is an OpenClaw-native tool for managing API keys, monitoring costs, and optimizing API spending through intelligent routing. It saves 30-90% on API costs by automatically routing simple tasks to free models.
Capabilities
- Multi-Provider Management: Manage keys for OpenAI, Anthropic, Google, and 40+ providers
- Cost Tracking: Real-time monitoring of API usage and spending
- Smart Routing: Automatically route tasks to cost-effective models
- Key Health Monitoring: Detect expired, rate-limited, or invalid keys
- Config Validation: Detect and auto-fix configuration issues
- Budget Alerts: Multi-channel notifications (Telegram, Discord, Slack, Feishu, QQ)
- Automated Failover: Round-robin key rotation with health checks
How to Use
1. Installation
cd ~/.openclaw/workspace/skills
git clone https://github.com/2233admin/clawapi-manager.git
cd clawapi-manager
pip install -r requirements.txt
2. Basic Commands
# List all providers
python3 claw_api_manager_central.py list
# Validate configuration
python3 claw_api_manager_central.py validate
# Auto-fix configuration issues
python3 claw_api_manager_central.py fix
# Update API key
python3 claw_api_manager_central.py update provider-name new-key
# Add new provider
python3 claw_api_manager_central.py add provider-name https://api.example.com sk-key anthropic-messages
3. Configuration
# Create example configs
cp config/managed_keys_central.json.example config/managed_keys_central.json
cp config/openrouter_keys.json.example config/openrouter_keys.json
# Edit with your keys
nano config/managed_keys_central.json
Example Usage
Scenario 1: Validate Configuration
User: "Check if my OpenClaw config is valid"
Assistant: [Runs validate command, reports issues]
Scenario 2: Auto-Fix Issues
User: "Fix my config errors"
Assistant: [Runs fix command, repairs common issues]
Scenario 3: Add OpenRouter Key
User: "Add this OpenRouter key: sk-or-v1-xxx"
Assistant: [Adds key, configures rotation]
Scripts
claw_api_manager_central.py: Main management CLIlib/config_manager.py: Configuration management corelib/key_rotation.py: Automated key rotationlib/cost_monitor.py: Cost tracking and reportinglib/smart_router.py: Intelligent task routing
Limitations
- Requires Python 3.8+
- Only supports OpenClaw deployments
- Config validation covers common issues only
- Smart routing requires OpenRouter integration
Troubleshooting
Issue: "Unknown model" error
- Run:
python3 claw_api_manager_central.py validate - Run:
python3 claw_api_manager_central.py fix - Restart gateway:
openclaw gateway restart
Issue: Key rotation not working
- Check:
config/openrouter_keys.jsonexists - Verify: All keys have
enabled: true - Check logs:
~/.openclaw/logs/gateway.log
中文
概述
ClawAPI Manager 是 OpenClaw 原生的 API 管理和成本优化工具。通过智能路由自动将简单任务分配给免费模型,节省 30-90% 的 API 成本。
功能
- 多 Provider 管理:管理 OpenAI、Anthropic、Google 等 40+ 家 API 密钥
- 成本追踪:实时监控 API 使用和花费
- 智能路由:自动将任务路由到性价比最高的模型
- 密钥健康监控:检测过期、限流或无效的密钥
- 配置验证:检测并自动修复配置问题
- 预算告警:多渠道通知(Telegram、Discord、Slack、飞书、QQ)
- 自动故障转移:Round-robin 密钥轮换 + 健康检查
使用方法
1. 安装
cd ~/.openclaw/workspace/skills
git clone https://github.com/2233admin/clawapi-manager.git
cd clawapi-manager
pip install -r requirements.txt
2. 基本命令
# 列出所有 providers
python3 claw_api_manager_central.py list
# 验证配置
python3 claw_api_manager_central.py validate
# 自动修复配置问题
python3 claw_api_manager_central.py fix
# 更新 API Key
python3 claw_api_manager_central.py update provider-name new-key
# 添加新 provider
python3 claw_api_manager_central.py add provider-name https://api.example.com sk-key anthropic-messages
3. 配置
# 创建示例配置
cp config/managed_keys_central.json.example config/managed_keys_central.json
cp config/openrouter_keys.json.example config/openrouter_keys.json
# 编辑你的密钥
nano config/managed_keys_central.json
使用示例
场景 1:验证配置
用户:"检查我的 OpenClaw 配置是否正确"
助手:[运行 validate 命令,报告问题]
场景 2:自动修复
用户:"修复我的配置错误"
助手:[运行 fix 命令,修复常见问题]
场景 3:添加 OpenRouter 密钥
用户:"添加这个 OpenRouter 密钥:sk-or-v1-xxx"
助手:[添加密钥,配置轮换]
脚本
claw_api_manager_central.py:主管理 CLIlib/config_manager.py:配置管理核心lib/key_rotation.py:自动密钥轮换lib/cost_monitor.py:成本追踪和报告lib/smart_router.py:智能任务路由
限制
- 需要 Python 3.8+
- 仅支持 OpenClaw 部署
- 配置验证仅覆盖常见问题
- 智能路由需要 OpenRouter 集成
故障排除
问题:"Unknown model" 错误
- 运行:
python3 claw_api_manager_central.py validate - 运行:
python3 claw_api_manager_central.py fix - 重启 gateway:
openclaw gateway restart
问题:密钥轮换不工作
- 检查:
config/openrouter_keys.json是否存在 - 验证:所有密钥都有
enabled: true - 查看日志:
~/.openclaw/logs/gateway.log
📖 详细文档: README.md
🐛 问题反馈: GitHub Issues
🚀 快速开始: 运行 python3 claw_api_manager_central.py --help
Usage Guidance
This package appears to implement an API key manager and cost monitor, but there are several red flags you should address before installing or running it:
- Do not run install.sh or pip commands without reviewing them. The SKILL.md references pip install -r requirements.txt, but requirements.txt is not in the bundle — confirm what dependencies are required.
- Inspect lib/config_manager.py and lib/key_rotation.py (and any code that touches backups or ~/.openclaw) to confirm where API keys are stored, whether they are encrypted before being transmitted or uploaded, and whether any remote endpoints receive keys.
- Look for any code that posts keys or configs to external servers. The notifier scripts send messages to Telegram/webhooks (expected), but verify they don't send secrets elsewhere.
- Confirm the exact filesystem paths the skill will modify (config/.env, ~/.openclaw/openclaw.json, ~/.openclaw/backups, logs) and back up those files before experimenting.
- If you plan to try it, run it in a sandboxed or isolated environment (non-production machine or container) and provide only test API keys with limited privileges.
- Ask the publisher for provenance: where is the canonical source repo, who maintains it, and why registry metadata lists Source: unknown. If provenance can't be verified, treat the package as untrusted.
If you want, I can: (1) list the specific files/functions to inspect for remote network calls and key handling, (2) search the full code for any outbound network endpoints, or (3) draft a short checklist of lines to review in config_manager.py and key_rotation.py to assess exfiltration risk.
Capability Analysis
Type: OpenClaw Skill
Name: clawapi-manager
Version: 1.1.2
The skill is classified as suspicious due to several high-risk capabilities, primarily involving privileged system operations and direct manipulation of core OpenClaw configuration. Specifically, `install.sh` attempts to modify system-wide logrotate configuration (`/etc/logrotate.d`) and suggests cron job installation, which are privileged operations and potential persistence mechanisms. The `read_openclaw_config.sh` script extracts API keys from the main OpenClaw configuration and writes them to a new `.env` file, creating an additional sensitive credential storage point. Furthermore, several scripts (`auto_rotate.sh`, `check_cost.sh`, `check_quota.sh`, `lib/notifier.py`) perform external network calls for notifications, and core Python modules (`claw_api_manager_central.py`, `lib/config_manager.py`, `lib/model_switcher.py`, `clawapi_helper.py`) directly modify the sensitive `~/.openclaw/openclaw.json` file, including API keys and routing. The `clawapi_helper.py` script is explicitly designed to expose these configuration manipulation functions to an AI agent, posing a significant prompt injection risk for unauthorized configuration changes.
Capability Assessment
Purpose & Capability
The name/description claim a multi-provider API key manager and cost optimizer, and included code (key rotation, cost monitor, notifier, config manager, smart router) is consistent with that purpose. However the package metadata declares no required environment variables or primary credential while multiple scripts explicitly source a config/.env and expect provider keys and webhook tokens. Also SKILL.md tells users to pip install -r requirements.txt but no requirements.txt appears in the provided manifest — an incoherence between claimed install steps and included files.
Instruction Scope
Runtime instructions (SKILL.md) instruct cloning from GitHub and running Python scripts and editing config files, which is expected. But SKILL.md omits mention of the config/.env file that many shell scripts source; scripts assume access to ~/.openclaw/logs and backups and run commands like openclaw gateway restart and clawhub list. Several components will read/write global OpenClaw config paths (backups, ~/.openclaw) and require full API keys; the instructions give the agent broad permission to read and modify sensitive local config without declaring those needs.
Install Mechanism
There is no formal install spec in registry metadata (instruction-only), but the SKILL.md instructs running git clone and pip install -r requirements.txt. The repository bundle provided contains many scripts and an install.sh, but requirements.txt is not present in the manifest — this mismatch is suspicious and means the documented install steps may fail or hide additional installation behaviors. Because there is an install.sh present, a user should review its contents before executing any install commands.
Credentials
Registry fields list no required env vars, yet many scripts source config/.env and reference variables like TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, QUOTA_CRITICAL_THRESHOLD, COST_BUDGET_THRESHOLD and provider API keys. The skill will therefore require sensitive credentials to operate (API keys, webhook tokens) but doesn't declare them. The skill also reads/writes global OpenClaw config and logs (which may contain other credentials) — broader access than the metadata suggests.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). But the code includes backup/restore and direct writes to OpenClaw config paths; central management utilities (config_manager) imply it will modify core OpenClaw files (backups, main config). That means it can change system-wide configuration and stored API keys — a significant level of privilege. This is expected for a key-management tool but should be explicitly documented and surfaced in the registry metadata (it is not).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawapi-manager - After installation, invoke the skill by name or use
/clawapi-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
Major documentation overhaul: Bilingual support (EN+中文), official Claude Skills format, comprehensive CHANGELOG, improved structure
v1.1.1
v1.1.1: Security fix - removed all API keys from git history. Added config validation and auto-fix commands.
v1.3.0
v1.3.0: API key rotation with cooldown, balance checker for OpenAI/Anthropic, billing disable support
v1.2.0
v1.2.0: Protocol detection (anthropic-messages/openai-chat/openai-compatible), troubleshooting guide (401/403/404/429/500/503), config repair, enhanced documentation
v1.1.0
v1.1.0: Complete TUI with Textual/Rich, channel management, conversational interface for QQ/Feishu, smart environment detection
v1.0.5
v1.0.5: Lightweight scheduler (pure memory + JSON, 10x faster) | v1.0.4: Task scheduler with load balancing, queue, node selection, retry | v1.0.3: AI complexity prediction using Qwen 0.5B | v1.0.2: Model switcher with safe JSON modification
v1.0.2
feat: integrate model switcher from openclaw-switch - safe model switching with fallback chain visualization
v1.0.1
Security fix: Remove sensitive data
v1.0.0
ClawAPI Manager initial release:
- Provides comprehensive API key management, rotation, and AES-256 encrypted storage.
- Real-time monitoring of API usage, gateway health, quotas, and session analytics.
- Smart, cost-optimized task routing with OpenRouter integration for free model usage.
- Multi-channel notification support (Telegram, Discord, Slack, Feishu, QQ, DingTalk) with alerting and reporting.
- Built-in fault tolerance, circuit breaker, and failover/bypass modes for high reliability.
- Modular architecture for easy integration with OpenClaw and customizable cost-saving strategies.
Metadata
Frequently Asked Questions
What is ClawAPI Manager?
OpenClaw-native API management and cost optimization. Multi-provider key management, real-time monitoring, smart routing, and automated failover. It is an AI Agent Skill for Claude Code / OpenClaw, with 564 downloads so far.
How do I install ClawAPI Manager?
Run "/install clawapi-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawAPI Manager free?
Yes, ClawAPI Manager is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ClawAPI Manager support?
ClawAPI Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawAPI Manager?
It is built and maintained by 2233admin (@2233admin); the current version is v1.1.2.
More Skills