← Back to Skills Marketplace
1816
Downloads
0
Stars
2
Active Installs
19
Versions
Install in OpenClaw
/install which-llm
Description
Deterministic decision-ranking API with HTTP 402 payments and outcome credits.
Usage Guidance
Before installing or enabling this skill: (1) Clarify the WALLET_CREDENTIALS requirement — ask the publisher how the wallet is used and whether signing can be performed by a host-managed signer (so private keys are never exposed to the skill). (2) Do not place private keys or raw seed phrases in environment variables accessible to third-party skills; prefer an external signing service or hardware-backed wallet. (3) Verify the payment addresses and the which-llm.com endpoints across independent sources (DNS, HTTPS, ENS TXT records) as the skill itself recommends — do not send funds until you have independently confirmed recipients. (4) Ensure your host enforces per-request user approval for outbound network calls and payments. (5) Ask the maintainer to resolve the metadata mismatch (registry metadata vs SKILL.md/skill.json) — that inconsistency should be fixed before trusting the skill.
Capability Analysis
Type: OpenClaw Skill
Name: which-llm
Version: 1.0.18
The skill requires 'WALLET_CREDENTIALS' and high-sensitivity access to perform autonomous crypto transactions (USDC) via an external API (api.which-llm.com). While the documentation (SKILL.md and skill.json) describes a legitimate-sounding service for optimizing LLM selection using HTTP 402 payments and a credit-back system, the requirement for an AI agent to autonomously manage a wallet and satisfy external payment demands introduces significant financial risk and potential for fund exhaustion if not strictly governed by the host environment.
Capability Assessment
Purpose & Capability
The skill purpose (deterministic model-selection via a Which‑LLM API) matches the SKILL.md and skill.json content: endpoints, pricing, and a payment flow. However, registry metadata provided to you earlier lists no required credentials, while both SKILL.md and skill.json declare credentials_required: true and primary_credential: WALLET_CREDENTIALS. That mismatch is an inconsistency that should be clarified.
Instruction Scope
The runtime instructions are narrowly scoped to outbound HTTPS calls to api.which-llm.com and handling HTTP 402 payment flows. The skill does not instruct reading arbitrary host files or other system resources. However, it repeatedly requires that the 'AI bot needs access to a crypto wallet' for paid calls without specifying how wallet access or signing is to be performed — this ambiguity increases risk because it could lead to insecure handling of private keys or unclear operational behavior.
Install Mechanism
This is instruction-only with no install spec, no downloads, and no code written to disk — the lowest-risk install mechanism. There are no suspicious install URLs or extracted archives.
Credentials
Requiring WALLET_CREDENTIALS is proportionate to a paid HTTP 402 model, but the skill declares 'sensitivity: high' and 'credentials_required: true' while the registry metadata you were shown earlier claimed no required env vars — an unexplained discrepancy. 'WALLET_CREDENTIALS' implies access to private keys or signing capability (high privilege). The skill does not explain whether the wallet must be fully exposed to the skill, if signing should happen via a host-managed signing service, or whether ephemeral signing tokens can be used. That ambiguity can lead to over-sharing highly sensitive secrets.
Persistence & Privilege
The skill is not always-on, does not request to modify other skills or system settings, and does not write to disk on install. Invocation and approval policies in skill.json indicate per-request approval is expected, which reduces risk if enforced by the host.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install which-llm - After installation, invoke the skill by name or use
/which-llm - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.18
No functional changes; SKILL.md updated for clarity, scope, and registry compliance.
- Simplified and condensed documentation, focusing on safe API usage and registry summary.
- More explicit about wallet requirements—now only needed for paid requests.
- Clarified install mechanism (instruction only) and that no code or files are written/downloaded on install.
- Removed extended credential setup and security best practices.
- Added troubleshooting section for common API responses.
- Registry fields updated: includes sensitivity level and install expectations.
v1.0.17
No functional changes. Updated documentation to clarify risk and sensitivity of raw private key usage and signing authority.
- The SKILL.md now explicitly warns that using a raw private key fallback and the ability to sign/broadcast transactions makes the skill more sensitive than a read-only API client.
- Added advice to treat the raw private key fallback as a high-risk, exception-only option.
- Clarified the skill’s elevated runtime privilege compared to helpers without signing/broadcast capability.
- No code or functional modifications were made in this release.
v1.0.16
which-llm 1.0.16 changelog
- Updated skill manifest with new metadata fields: `always_on: false` and `disable_model_invocation: false`.
- Clarified in documentation that the skill can prepare, sign, and broadcast payment transactions when enabled by the host.
- Added explicit guidance that wallet credentials must always be provided via one supported environment variable path.
- Improved security and privilege warnings about wallet use, emphasizing risk if host disables approval prompts.
- No code or functional changes detected.
v1.0.15
No user-facing or backend changes were detected in this release.
- Version bump only; no changes to skill files.
- Functionality, API, and documentation remain unchanged.
v1.0.14
**Credential flexibility and wallet security improvements**
- Added encrypted keystore support as the preferred credential method (via `WALLET_KEYSTORE_PATH` or `WALLET_KEYSTORE_JSON` plus password) for storing the signing key, with private key as a fallback.
- Updated prerequisites and best practices sections to recommend keystore usage over a raw private key when possible.
- Clarified and expanded payment-address verification instructions, specifying use of multiple publication channels or retrieval paths.
- Added and renamed instructional content to reinforce recommended operational mode, wallet separation, and approval defaults.
- Improved clarity and completeness of wallet setup, credential hierarchy, and mode-selection guidance.
v1.0.13
- Refined documentation for clarity and brevity on what the skill does and does not do.
- Emphasized the requirement to always use a dedicated, low-balance wallet and to independently verify payment addresses before use.
- Expanded quick reference and endpoint descriptions for faster onboarding and safer use.
- Clarified payment flow, default approval behavior, and safety model.
- Updated best-practice and troubleshooting guidance, encouraging regular review, small balances, and minimal trust.
v1.0.12
- Refined and simplified credential setup instructions for clarity.
- Now only documents and supports `WALLET_PRIVATE_KEY` as the credential input (mnemonic and keystore options removed from documentation).
- Prerequisites and safety guidance updated to emphasize use of a dedicated, low-balance wallet.
- Credential configuration and wallet funding steps streamlined and condensed.
- Security model and user safety best practices further clarified.
v1.0.11
- No code or documentation changes detected in this version.
- Version bump to 1.0.11 with no modifications to skill files.
- All functionality, prerequisites, and usage remain unchanged.
v1.0.10
Consistently document three credential options.
**Added transparency for trust assessment** - Users can now clearly see:
- What the skill can/cannot do (doesn't modify other skills, runs on-demand only)
- Why autonomous payments don't require per-request approval (low $0.01 cost)
- How spending is bounded (wallet balance limits)
- Exact funding needed (USDC + gas token amounts)
v1.0.9
No significant code or configuration changes detected in this release.
Only SKILL.md documentation has been updated.
- Removed version-specific and redundant recommendations in the credential setup and security sections for improved clarity and conciseness.
- Simplified credential option descriptions and removed repetitive content.
- Clarified and reorganized credential and security guidance for easier reference.
- No functional or API changes; documentation only.
v1.0.8
which-llm 1.0.8
- Updated wallet setup instructions to clarify that both USDC and the native gas token (ETH/AVAX) are required in the dedicated wallet.
- Added specific recommended funding ranges for USDC ($2-10) and gas token ($3-5) for normal usage.
- Emphasized that both tokens must be held in the same wallet.
- Improved example commands and explanations for funding and secure setup.
v1.0.7
**Credential system added for secure, autonomous payments and wallet management.**
- Introduced required credentials (`WALLET_PRIVATE_KEY` and optional alternatives) for agent to sign transactions and manage payments.
- Updated documentation with credential setup instructions, formats, and clear security/risk guidance.
- Declared `credentials_required: true` and defined `primary_credential` for skill metadata.
- Clarified autonomous operation using provided wallet credentials.
- Strengthened recommendations for wallet isolation, funding limits, and periodic monitoring.
v1.0.6
Version 1.0.6
- Updated skill documentation to support fully autonomous operation using a dedicated wallet.
- Added setup instructions for providing wallet credentials and funding with limited USDC for agent-controlled payments.
- Clarified that the agent can send USDC payments and make paid API calls autonomously, up to the wallet balance.
- Revised security and risk model guidance, emphasizing use of a dedicated, limited-fund wallet and regular transaction monitoring.
- Streamlined and moved address verification steps to be a one-time setup, with explicit multi-source instructions and reporting for address discrepancies.
- Removed legacy manual confirmation policies and redundant content on per-transaction user review.
v1.0.5
## which-llm v1.0.5 Changelog
- Added `homepage` field to SKILL.md for easier reference and trust verification.
- Improved documentation: quick reference, explicit supported chains, and clear prerequisites section.
- Expanded and reorganized payment address verification instructions, including multi-source verification with specific API/documentation/ENS endpoints.
- Clarified user confirmation policy and authentication model.
- Enhanced example API calls and sample responses for capabilities and pricing.
- No functional or code changes; documentation-only update.
v1.0.4
which-llm v1.0.4
- Payment address security model strengthened: removed hardcoded addresses; now requires user verification from multiple independent sources before any payment.
- Security documentation updated to emphasize risks and the need for multi-source payment address verification (well-known endpoint, GitHub, ENS, docs, or support).
- Environment variable instructions warn about the dangers of misconfigured API endpoints.
- Explicit instructions for the agent and user to halt and verify payment addresses before all paid API calls.
- No functional code or API changes; security policies and documentation are significantly improved.
v1.0.3
**Enhanced payment security, user confirmation policy, and configuration instructions added.**
- Introduced mandatory environment variable configuration and guidance for setup.
- Added strict user confirmation requirements before any paid or outcome-reporting requests.
- Implemented a runtime payment address verification step against the official address to prevent spoofing.
- Provided a user-facing safety checklist before every paid operation.
- Updated documentation to highlight essential security, explicit approval, and payment-flow requirements.
- Clarified that free endpoint calls may proceed without user approval.
v1.0.2
No changes detected in this version. There are no updates to functionality, documentation, or files. Updated skill.json
v1.0.1
which-llm 1.0.1
- Documentation streamlined for clarity and brevity.
- Security instructions simplified; configuration details for environment variables removed from this guide.
- No changes to code or functionality—documentation cleanup only.
v1.0.0
Decision Economic Optimizer 1.0.0 – Initial Release
- Introduces a deterministic API for model selection with budget and quality constraints.
- Supports HTTP 402 USDC payments and offers outcome-based credit tokens for discounts on future requests.
- Clearly separates API interactions, security practices, and user control for safe, transparent operation.
- Documents detailed request and payment flows, including step-by-step CLI usage instructions.
- Emphasizes privacy (no LLM execution, no code or file access), keeping all payments and sensitive actions local to the user.
Metadata
Frequently Asked Questions
What is Which LLM? Deterministic model selection for agents?
Deterministic decision-ranking API with HTTP 402 payments and outcome credits. It is an AI Agent Skill for Claude Code / OpenClaw, with 1816 downloads so far.
How do I install Which LLM? Deterministic model selection for agents?
Run "/install which-llm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Which LLM? Deterministic model selection for agents free?
Yes, Which LLM? Deterministic model selection for agents is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Which LLM? Deterministic model selection for agents support?
Which LLM? Deterministic model selection for agents is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Which LLM? Deterministic model selection for agents?
It is built and maintained by Zapkid (@zapkid); the current version is v1.0.18.
More Skills