← 返回 Skills 市场
IdleClaw
作者
futurejunk
· GitHub ↗
· v1.2.1
420
总下载
1
收藏
2
当前安装
7
版本数
在 OpenClaw 中安装
/install idleclaw
功能描述
Share your idle Ollama inference with the community, or use community inference when your API credits run out.
使用说明 (SKILL.md)
IdleClaw
A distributed inference network for Ollama. Contributors share idle GPU/CPU capacity, consumers use community compute when their API credits run out.
Modes
Contribute — Share your idle inference
Start your machine as an inference node. Your local Ollama models become available to the community.
cd "$SKILL_DIR" && python scripts/contribute.py
This connects to the IdleClaw routing server, registers your available models, and begins accepting inference requests. Press Ctrl+C to stop.
Requirements: Ollama must be running with at least one model pulled.
Consume — Use community inference
Send a chat request to the community network instead of running locally.
cd "$SKILL_DIR" && python scripts/consume.py --model \x3Cmodel-name> --prompt "\x3Cyour message>"
Streams the response to stdout as tokens arrive.
Status — Check network health
See how many nodes are online and what models are available.
cd "$SKILL_DIR" && python scripts/status.py
Configuration
| Variable | Default | Description |
|---|---|---|
IDLECLAW_SERVER |
https://api.idleclaw.com |
Routing server URL |
OLLAMA_HOST |
http://localhost:11434 |
Local Ollama endpoint |
Security
External Endpoints
This skill contacts the following external endpoints:
-
IdleClaw Routing Server (
IDLECLAW_SERVER, defaulthttps://api.idleclaw.com)- Contribute mode: Opens a WebSocket connection to register as an inference node. Sends: node ID, available model names, and inference responses. Receives: inference requests (model name, chat messages, and optional tool schemas).
- Consume mode: Sends HTTP POST to
/api/chatwith model name and chat messages. Receives: streaming token response via SSE. - Status mode: Sends HTTP GET to
/healthand/api/models. Receives: server health info and available model list.
-
Local Ollama (
OLLAMA_HOST, defaulthttp://localhost:11434)- Contribute mode only: Calls Ollama's API to list models and run inference. All communication stays on localhost.
Data Handling
- No user data is persisted locally or on the server beyond the active session.
- No credentials or API keys are required or stored.
- All communication is text — every message between the server, the node, and Ollama is JSON text over WebSocket or HTTP. No binary data, file uploads, images, or executable payloads are transmitted.
- No local code execution — the contributor node is a relay. It forwards JSON inference parameters to Ollama and streams JSON responses back to the server. The node does not execute tools, run shell commands, or access the filesystem. Any tool execution is handled server-side after response validation.
- Chat messages (text strings) are transmitted from consumer to server to contributor node for inference, then discarded.
- No telemetry or analytics are collected.
- In contribute mode, the routing server sends JSON inference requests to the node, which forwards them to your local Ollama instance. Ollama returns a JSON text response which the node relays back. Contributors can point
IDLECLAW_SERVERto a self-hosted instance. - In consume mode, text prompts are sent to the routing server which routes them to an available contributor node.
Sanitization
Client-side:
- Inference parameters are validated before passing to Ollama: only whitelisted keys are forwarded (
model,messages,stream,think,keep_alive,options,tools,format). Unknown keys are stripped. - Requested model must match a model the node registered — requests for unregistered models are rejected.
- Message limits enforced: max 50 messages per request, max 10,000 characters per message content.
- Only known response fields are forwarded back to the server (
role,content,thinking,tool_calls). - In consume mode, model names are validated against a strict pattern (alphanumeric, colons, periods, hyphens only). In contribute mode, requested models must match a model the node registered from Ollama.
- Server URLs are validated as HTTP/HTTPS URLs before use.
- No shell commands are constructed from user input — all execution is Python-only.
- No local files are read or accessed — the skill only communicates with Ollama and the routing server.
Server-side (routing server):
- IP-based rate limiting on all endpoints: chat (20 RPM), node registration (5 RPM), general (60 RPM).
- Input validation: max 50 messages per request, 10,000 chars per message, 64-char model names, roles restricted to
userandassistant. - Output sanitization: response content is stripped of markup tags before delivery to consumers.
- Node registration limits: max 3 nodes per IP, max concurrent requests clamped to 1-10.
- Tool execution safeguards: schema validation, argument type checking, 15-second timeout, per-node rate limiting (20 calls/min).
- Server binds to localhost only, accessed through Caddy reverse proxy with auto-TLS.
- Red team tested with documented findings and mitigations (security assessment on GitHub).
Installation
Run the installer to set up Python dependencies:
cd "$SKILL_DIR" && bash install.sh
安全使用建议
This skill will make your local Ollama models available to an external routing server (by default https://api.idleclaw.com) and will forward chat prompts to community nodes when consuming. It does not request passwords or API keys, nor does it execute shell commands or read arbitrary files, but it does transmit the text of prompts and model outputs to an external service—treat that as potential data leakage. Before installing: (1) review and trust the routing server you will use (set IDLECLAW_SERVER to a self-hosted endpoint if you prefer), (2) inspect install.sh and the pip requirements and consider installing into a virtualenv, (3) run contributors in an isolated machine or VM if you are concerned about exposing prompt content, and (4) if you need stronger guarantees, host the routing server yourself and re-audit both server and client code. The repository/packaging inconsistency (registry claims no install spec while an installer and requirements exist) is a minor red flag—confirm the intended install steps before proceeding.
功能分析
Type: OpenClaw Skill
Name: idleclaw
Version: 1.2.1
The skill facilitates a distributed inference network by connecting a local Ollama instance to a remote routing server (api.idleclaw.com) via WebSockets. While the scripts (scripts/contribute.py, scripts/consume.py) include security controls like parameter whitelisting, input validation, and response filtering, the inherent capability of relaying remote requests to a local service constitutes a high-risk network behavior. No evidence of intentional malice, such as data exfiltration or unauthorized shell execution, was found in the code or the SKILL.md instructions.
能力评估
Purpose & Capability
Name/description match the required binaries (python3, ollama) and the included scripts: contribute.py registers local Ollama models and relays inference, consume.py posts prompts to the routing server, and status.py queries server health. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md accurately describes network interactions. The code implements the described behaviors: WebSocket registration, forwarding JSON inference params to local Ollama, streaming JSON responses back, and client-side validation and limits. The scripts do not spawn shells, read arbitrary files, or access secrets beyond optional environment variables (IDLECLAW_SERVER, OLLAMA_HOST).
Install Mechanism
The repository includes an install.sh that runs pip install -r requirements.txt (packages: ollama, websockets, python-dotenv, httpx). This is a typical Python install flow and does not download arbitrary artifacts, but the registry metadata indicated 'no install spec' while files include an installer—this packaging inconsistency is worth noting. Installing Python packages will write to disk and add dependencies to your environment.
Credentials
No required secret env vars are declared. Optional env vars used by the code are IDLECLAW_SERVER and OLLAMA_HOST (both non-secret configuration). The skill does not request unrelated cloud credentials or tokens.
Persistence & Privilege
The skill is not always-enabled, is user-invocable, and does not modify other skills or system-wide agent settings. It does not persist user data to disk. It opens network connections to the routing server as expected for its function.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install idleclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/idleclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
Fix documentation accuracy: remove text-only claim, document JSON communication and tool relay flow precisely.
v1.2.0
Add client-side inference parameter validation (whitelist keys, verify model, message limits). Remove unknown field forwarding in responses. Add public security assessment.
v1.1.3
Revise security docs: factual tone, text-only emphasis, document server-side rate limiting, input validation, output sanitization, tool execution safeguards, and red team testing
v1.1.2
Strengthen security documentation: explicit privacy/trust model for contribute and consume modes, recommend container isolation, document self-hosted server option
v1.1.1
Trim contribute.py to fit within security scanner limit (fixes truncation that dropped confidence to MEDIUM)
v1.1.0
Align contribute.py with node-agent: remove client-side capability detection, add Ollama health check before inference, improve error logging and resilience
v1.0.0
Initial release: community GPU inference network with contribute, consume, and status modes.
元数据
常见问题
IdleClaw 是什么?
Share your idle Ollama inference with the community, or use community inference when your API credits run out. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 420 次。
如何安装 IdleClaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install idleclaw」即可一键安装,无需额外配置。
IdleClaw 是免费的吗?
是的,IdleClaw 完全免费(开源免费),可自由下载、安装和使用。
IdleClaw 支持哪些平台?
IdleClaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。
谁开发了 IdleClaw?
由 futurejunk(@futurejunk)开发并维护,当前版本 v1.2.1。
推荐 Skills