← 返回 Skills 市场
RedLine
作者
Weston Johnson
· GitHub ↗
· v0.2.0
645
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install redline
功能描述
Live rate-limit awareness for Claude.ai (Max/Pro) and OpenAI (Plus/Pro/Codex). Never hit the red line again — your agent checks remaining budget every heartb...
安全使用建议
This skill's goal (live usage/pacing) is reasonable, but the package is incomplete and asks the agent to access sensitive local credentials. Before installing:
- Ask the publisher for the missing scripts (scripts/claude-usage and scripts/openai-usage) or for an install spec; do not run undocumented scripts.
- Confirm you run this on macOS (it expects the `security` CLI and Keychain) and that OpenClaw is installed if you want OpenAI checks.
- Understand that the skill will read OAuth tokens from your Keychain and ~/.openclaw auth-profiles.json; only proceed if you trust the skill owner and have inspected the scripts that will use those tokens.
- If you prefer safer testing, request a trimmed-down version that prints API calls without sending tokens, or run the scripts in a sandboxed environment and inspect network traffic.
- Because the bundle omits the scripts, treat the current publish as incomplete/untrusted until the missing files and an install mechanism are provided and reviewed.
功能分析
Type: OpenClaw Skill
Name: redline
Version: 0.2.0
The skill's stated purpose is to provide live rate-limit awareness for AI APIs by reading authentication tokens from macOS Keychain and OpenClaw auth-profiles. The `SKILL.md` instructions for the AI agent direct it to run local scripts (`scripts/claude-usage`, `scripts/openai-usage`) and store their JSON output locally. While these scripts access sensitive tokens, the documentation explicitly states they are used to call legitimate API providers (Anthropic, ChatGPT) for usage data, not for exfiltration or other malicious activities. No evidence of intentional harmful behavior, unauthorized data exfiltration, persistence mechanisms, or malicious prompt injection against the agent is present in the provided files.
能力评估
Purpose & Capability
The declared purpose (checking Anthropic/Claude and OpenAI usage and pacing agent behavior) matches the actions described (reading tokens and calling usage APIs). However, the SKILL.md and README repeatedly reference CLI scripts (scripts/claude-usage, scripts/openai-usage) and OpenClaw integration while the skill bundle contains no code files or install spec. The skill metadata only lists python3 as a required binary but the instructions also require the macOS `security` CLI and OpenClaw to be installed. These missing/undeclared dependencies are an incoherence.
Instruction Scope
Runtime instructions explicitly tell the agent to read the Claude OAuth token from macOS Keychain (service 'Claude Code-credentials') and to read OpenClaw auth profiles at ~/.openclaw/agents/main/agent/auth-profiles.json. Those are sensitive credentials and filesystem reads outside the skill's declared requirements. The instructions also tell the agent to write heartbeat-state.json and to integrate pacing into HEARTBEAT.md. The scope of file and secret access is broader than what the skill metadata declares.
Install Mechanism
There is no install spec (instruction-only), which minimizes package install risk. However, the documentation and SKILL.md assume CLI scripts exist locally under ./scripts — they are not included. That mismatch means the skill as published is incomplete: either it expects external binaries/scripts to already be present (not declared) or the package omits required files.
Credentials
The skill declares no required environment variables or config paths, but the instructions require reading two credential sources (macOS Keychain entry and an OpenClaw auth-profiles JSON). Access to those secrets is proportionate to the stated functionality (you must have tokens to query usage), but because they are not declared in the metadata this is a transparency issue and a potential privacy risk. Users should expect the skill to access OAuth tokens and plan accordingly.
Persistence & Privilege
The skill does not request always:true and does not declare elevated persistent privileges. It will store ephemeral usage readings (heartbeat-state.json) per its instructions, which is normal for a pacing helper. Autonomous invocation is allowed by default (normal for skills) but this combined with the secret access noted above increases the blast radius if the skill were malicious.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install redline - 安装完成后,直接呼叫该 Skill 的名称或使用
/redline触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
Added OpenAI usage checker, improved Claude token expiry detection, full SKILL.md with pacing tiers and heartbeat integration docs
v0.1.0
redline 0.1.0 – Initial release
- Adds live rate-limit monitoring for Claude.ai and OpenAI (Plus/Pro/Codex) plans.
- Provides two CLI scripts: claude-usage and openai-usage for checking rate limit status.
- Implements a 4-tier pacing strategy (GREEN/YELLOW/ORANGE/RED) to maximize token usage efficiency.
- Supports heartbeat integration for automatic pacing and budget awareness.
- Offers both human-readable and JSON output for programmatic access.
- Requires Python 3 and specific authentication setup for each service.
元数据
常见问题
RedLine 是什么?
Live rate-limit awareness for Claude.ai (Max/Pro) and OpenAI (Plus/Pro/Codex). Never hit the red line again — your agent checks remaining budget every heartb... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 645 次。
如何安装 RedLine?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install redline」即可一键安装,无需额外配置。
RedLine 是免费的吗?
是的,RedLine 完全免费(开源免费),可自由下载、安装和使用。
RedLine 支持哪些平台?
RedLine 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 RedLine?
由 Weston Johnson(@wgj)开发并维护,当前版本 v0.2.0。
推荐 Skills