← 返回 Skills 市场
396
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install chitin-core
功能描述
Selects the most cost-effective capable model for tasks, handles rate limit failures gracefully, and supports tier overrides and health checks.
使用说明 (SKILL.md)
chitin-core
Route tasks to the cheapest capable model. Never crash on rate limits.
Activation
When spawning sub-agents or delegating tasks, use ModelRouter to select the optimal model.
Trigger phrases: "route this", "spawn a sub-agent", "delegate", or any time you need to choose a model for a task.
Usage
Route a Task
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js route "task description here"
Returns JSON:
{"tier":"MEDIUM","model":"google-antigravity/gemini-3.1-pro","confidence":0.85,"estimatedCost":0.005,"signals":["codeSignals:2×1.2=2.4"]}
Use the returned model value in sessions_spawn.
Handle Failures
If a spawned session fails with a rate limit or error:
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js fail "provider/model" "error message"
Then re-route — the failed model will be skipped:
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js route "same task"
Check Health
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js health
View Costs
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js costs
Validate Config
node ~/.openclaw/workspace/skills/chitin-core/scripts/router.js validate
Workflow
- Receive task from user
- Run
router.js route "\x3Ctask>"to get optimal model sessions_spawnwith returned model- If spawn fails →
router.js fail "\x3Cmodel>" "\x3Cerror>"→ retry route - Return result to user
Tiers
| Tier | Use Case | Models |
|---|---|---|
| LIGHT | Greetings, simple Q&A, status checks | Flash, DeepSeek, gpt-5-mini, Groq, Ollama |
| MEDIUM | Code, summaries, standard tasks | Gemini Pro, gpt-5.2, DeepSeek Reasoner |
| HEAVY | Architecture, complex reasoning, agentic | gpt-5.2-pro, o3, Codex |
Override Tags
Include in task text to force a tier:
@light— force cheapest model@medium— force mid-tier@heavy— force most capable
Graceful Degradation
If all models in a tier are rate-limited, the router automatically:
- Tries adjacent tiers (escalate or downgrade)
- Falls back to local Ollama if configured
- Returns structured error with retry time (never crashes)
Configuration
Edit config.json in the skill directory to:
- Add/remove models per tier
- Adjust cost figures
- Tune classification boundaries
安全使用建议
What to check before installing:
- This skill's code matches its stated routing functionality, but it expects provider API keys (Anthropic/OpenAI/OpenRouter) via environment variables or ~/.openclaw/workspace/.secrets even though the registry declares none. If you don't want it to use your provider credentials, do not supply those env vars or secret files.
- provider-sync.js contains a hardcoded Telegram bot token and chat id that will send notifications to an external bot. If you run provider-sync (manually or scheduled), either remove/replace the hardcoded token or disable Telegram notifications.
- The sync script references a remote Ollama Forge IP; audit any network endpoints before enabling automated sync/cron jobs.
- The router script reads and writes files under ~/.openclaw (openclaw.json, memory state) — review those paths and back up configs if needed.
- Recommendation: review the two shipped scripts (provider-sync.js and router.js) line-by-line in a safe environment. If you plan to run provider-sync automatically, consider running it in dry-run mode first, remove hardcoded tokens, and restrict network access to only the providers you trust.
- If you lack the ability to audit code, treat this skill as untrusted and avoid running provider-sync or supplying provider credentials.
功能分析
Type: OpenClaw Skill
Name: chitin-core
Version: 1.0.0
The `scripts/provider-sync.js` file is suspicious due to the presence of a hardcoded Telegram bot token and chat ID (8547915559:AAGqJlIiflFVBayXwT5GS5DsWyBTW_vlfw8 to chat ID 1156712793). While the script's stated purpose is to send benign notifications about model synchronization, this hardcoded external communication channel creates a significant data exfiltration vulnerability. An attacker could potentially leverage other vulnerabilities (e.g., command injection or prompt injection against the agent) to inject sensitive data into the notification message, leading to unauthorized data exfiltration. Additionally, the script accesses API keys from `~/.openclaw/workspace/.secrets` files, increasing the potential impact if the communication channel were to be exploited.
能力评估
Purpose & Capability
router.js and provider-sync.js implement model routing, tier logic, failover, health and cost tracking — consistent with the name/description. However the skill implicitly requires access to provider APIs and the user's OpenClaw config (process.env, ~/.openclaw/openclaw.json, and ~/.openclaw/workspace/.secrets) even though registry metadata declares no required env vars or config paths.
Instruction Scope
SKILL.md documents using scripts/router.js (route/fail/health/etc.) which is in-scope, but it omits mention of the provider-sync script that will query provider APIs and can update config.json and send Telegram notifications. The runtime code reads/writes files under the user's home (~/.openclaw), including openclaw.json and a persistent state file, and will consult .secrets for API keys — actions not described in SKILL.md.
Install Mechanism
Instruction-only skill with no install spec; nothing is automatically written to disk by an installer. The risk comes from runtime file I/O performed by the shipped scripts, not from an installer or remote downloads.
Credentials
Provider-sync expects API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY) via environment or fallback files, but the registry metadata lists no required env vars. Additionally provider-sync contains a hardcoded Telegram bot token and chat ID, and references a remote Ollama Forge host IP — these are unexpected for a routing helper and could lead to external network activity.
Persistence & Privilege
Skill is not always:true and does not autonomously register itself in the registry, but its scripts write persistent state to ~/.openclaw/workspace/memory/modelrouter-state.json and can update config.json in the skill directory. README suggests a cron schedule for provider-sync (runs nightly), implying persistent external network activity if enabled.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install chitin-core - 安装完成后,直接呼叫该 Skill 的名称或使用
/chitin-core触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: unified model routing, cost optimization, provider failover, and nightly provider sync. The engine of the Chitin agentic OS.
元数据
常见问题
chitin-core 是什么?
Selects the most cost-effective capable model for tasks, handles rate limit failures gracefully, and supports tier overrides and health checks. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 396 次。
如何安装 chitin-core?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install chitin-core」即可一键安装,无需额外配置。
chitin-core 是免费的吗?
是的,chitin-core 完全免费(开源免费),可自由下载、安装和使用。
chitin-core 支持哪些平台?
chitin-core 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 chitin-core?
由 adroidian(@adroidian)开发并维护,当前版本 v1.0.0。
推荐 Skills