← 返回 Skills 市场
Clawd Throttle
作者
liekzejaws
· GitHub ↗
· v2.0.0
1247
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install clawd-throttle
功能描述
Routes LLM requests to the cheapest capable model across 8 providers (Anthropic, Google, OpenAI, DeepSeek, xAI, Moonshot, Mistral, Ollama) and 25+ models. Scores prompts on 8 dimensions in under 1ms, supports three routing modes (eco, standard, gigachad), and logs all decisions for cost tracking.
使用说明 (SKILL.md)
Clawd Throttle
Route every LLM request to the cheapest model that can handle it. Stop paying Opus prices for "hello" and "summarize this."
Supports 8 providers and 25+ models: Anthropic (Claude), Google (Gemini), OpenAI (GPT / o-series), xAI (Grok), DeepSeek, Moonshot (Kimi), Mistral, and Ollama (local).
How It Works
- Your prompt arrives
- The classifier scores it on 8 dimensions (token count, code presence, reasoning markers, simplicity indicators, multi-step patterns, question count, system prompt complexity, conversation depth) in under 1 millisecond
- The router maps the resulting tier (simple / standard / complex) to a model based on your active mode and configured providers
- The request is proxied to the correct API
- The routing decision and cost are logged to a local JSONL file
Routing Modes
| Mode | Simple | Standard | Complex |
|---|---|---|---|
| eco | Grok 4.1 Fast | Gemini Flash | Haiku |
| standard | Grok 4.1 Fast | Haiku | Sonnet |
| gigachad | Haiku | Sonnet | Opus 4.6 |
Each cell shows the first-choice model. The router tries a preference list and falls through to the next available provider if the first is not configured.
Available Commands
| Command | What It Does |
|---|---|
route_request |
Send a prompt and get a response from the cheapest capable model |
classify_prompt |
Analyze prompt complexity without making an LLM call |
get_routing_stats |
View cost savings and model distribution stats |
get_config |
View current configuration (keys redacted) |
set_mode |
Change routing mode at runtime |
get_recent_routing_log |
Inspect recent routing decisions |
Overrides
- Heartbeats and summaries always route to the cheapest model
- Type
/opus,/sonnet,/haiku,/flash, or/grok-fastto force a specific model - Sub-agent calls automatically step down one tier from their parent
Setup
- Get at least one API key (Anthropic or Google required; others optional):
- Anthropic: https://console.anthropic.com/settings/keys
- Google AI: https://aistudio.google.com/app/apikey
- xAI: https://console.x.ai
- OpenAI: https://platform.openai.com/api-keys
- DeepSeek: https://platform.deepseek.com
- Moonshot: https://platform.moonshot.cn
- Mistral: https://console.mistral.ai
- Run the setup script:
npm run setup - Choose your routing mode (eco / standard / gigachad)
Privacy
- Prompt content is never stored. Only a SHA-256 hash is logged.
- All data stays local in ~/.config/clawd-throttle/
- API keys stored in your local config file
功能分析
Type: OpenClaw Skill
Name: clawd-throttle
Version: 2.0.0
The OpenClaw AgentSkills skill bundle 'clawd-throttle' is classified as suspicious due to a potential vulnerability related to environment variable handling. While the skill's core functionality is benign (routing LLM requests), it allows overriding LLM provider base URLs (e.g., `ANTHROPIC_BASE_URL`, `GOOGLE_AI_API_KEY`) via environment variables, as seen in `src/config/index.ts` and `src/proxy/dispatcher.ts`. If an attacker can control the environment variables of the process running this skill, they could redirect LLM API calls to a malicious server, potentially exfiltrating prompt content and API keys. This is a risky capability that, while having legitimate uses, presents a data exfiltration vulnerability without clear malicious intent within the skill's own code.
能力评估
Purpose & Capability
The code, README, and data files implement an LLM-routing/proxy skill as described (classifier, routing table, providers, logging). Required binary 'node' is appropriate. However the registry metadata / SKILL.md lists ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY as required env vars while the runtime code only needs at least one provider configured (it will exit only if no provider is configured). This mismatch between declared required envs and actual code is inconsistent and could mislead users about what must be provided.
Instruction Scope
SKILL.md and setup scripts instruct the agent/user to run npm setup, enter API keys, and write config to ~/.config/clawd-throttle/. Instructions and code limit data stored to SHA-256 prompt hashes and local JSONL logs, which is consistent with the privacy statement. A pre-scan pattern flagged 'system-prompt-override' (the SKILL.md refers to system prompts), which is expected for a classifier that considers system prompts but should be treated with care: verify that prompts aren’t being sent to external endpoints beyond the configured providers. Overall instructions stay inside the advertised scope (classify, route, proxy, log), but the system-prompt text and the prompt-hashing claim should be validated by inspecting the hashing implementation before trusting privacy guarantees.
Install Mechanism
Install is standard Node/npm (npm install, no unusual downloads). package.json dependencies are normal and install scripts are local (scripts/setup.sh / .ps1). No extract-from-arbitrary-URL or IP-hosted installers were found in the provided files.
Credentials
The skill legitimately needs provider API keys to proxy requests. But the registry metadata declares both ANTHROPIC_API_KEY and GOOGLE_AI_API_KEY as required while the code treats many keys as optional and requires only at least one configured provider. The setup scripts write API keys and other settings to a local config file (and read env vars at runtime) — storing keys to disk is functional but increases risk if the config file permissions or location are not secured. No unrelated secrets appear to be requested, but the metadata inconsistency is misleading.
Persistence & Privilege
The skill persists configuration and logs under ~/.config/clawd-throttle/ (config.json, routing.jsonl) — expected for this kind of tool. It also can start an HTTP proxy. Notably, the server is started with httpServer.listen(config.http.port) (no explicit host), which in Node defaults to listening on all interfaces; that can unintentionally expose the proxy (and the configured provider API keys / quota) to external network users if the host is reachable. always:false and normal autonomous invocation are fine, but you should ensure the HTTP proxy binds to localhost and protect the config/log files' filesystem permissions.
scan_findings_in_context
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install clawd-throttle - 安装完成后,直接呼叫该 Skill 的名称或使用
/clawd-throttle触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.0
Major update: Windows compatibility, improved routing engine, bug fixes from Claude Code development
v1.0.0
Initial release: 8 providers, 27+ models, sub-1ms prompt classification, 3 routing modes (eco/standard/performance), MCP server + HTTP reverse proxy, 114 passing tests
元数据
常见问题
Clawd Throttle 是什么?
Routes LLM requests to the cheapest capable model across 8 providers (Anthropic, Google, OpenAI, DeepSeek, xAI, Moonshot, Mistral, Ollama) and 25+ models. Scores prompts on 8 dimensions in under 1ms, supports three routing modes (eco, standard, gigachad), and logs all decisions for cost tracking. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1247 次。
如何安装 Clawd Throttle?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install clawd-throttle」即可一键安装,无需额外配置。
Clawd Throttle 是免费的吗?
是的,Clawd Throttle 完全免费(开源免费),可自由下载、安装和使用。
Clawd Throttle 支持哪些平台?
Clawd Throttle 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Clawd Throttle?
由 liekzejaws(@liekzejaws)开发并维护,当前版本 v2.0.0。
推荐 Skills