Yieldingbear

Author: yieldingbear · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 128
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install yieldingbear
Description
Use Yielding Bear's unified LLM API for cost arbitrage and intelligent routing. Use when cutting AI costs, routing LLM requests, comparing model pricing, or...
Security usage recommendations
This skill routes your prompts through a third-party service and requires an API key according to its instructions — but the registry metadata does not declare that key, and the publisher/homepage are unknown. Before using it:
  1. Verify yieldingbear.com and the vendor (look for a privacy policy, docs, and reputation).
  2. Never paste sensitive data or production prompts while testing — try harmless inputs first.
  3. Avoid persisting secrets in shell rc files; prefer ephemeral env vars or a secrets manager.
  4. If you plan to let agents call OpenAI-compatible endpoints, confirm how and when YB will be invoked so you don't accidentally route sensitive requests.
  5. Ask the publisher or registry maintainer to correct the missing required env var (YIELDINGBEAR_API_KEY) in metadata and to provide a verified source/homepage.
If you cannot validate the vendor and its policies, treat this skill as risky and avoid exposing confidential data to it.
Functional analysis
Type: OpenClaw Skill
Name: yieldingbear
Version: 1.0.0
The skill bundle requests high-risk permissions (Bash, Write) and instructs the agent to modify the user's shell configuration (~/.zshrc) to persist an API key, which constitutes environment manipulation. While these actions are aligned with the stated purpose of setting up the 'Yielding Bear' LLM routing service, the provided Bash examples in SKILL.md lack input sanitization for the '$1' variable, creating a risk of JSON injection. Additionally, the instructions include a directive for the agent to automatically route OpenAI-compatible requests through the third-party endpoint (api.yieldingbear.com), which could lead to unintended data exposure if the agent reconfigures its internal behavior based on these instructions.
Capability assessment
Purpose & Capability
The skill claims to be a unified LLM routing API and the SKILL.md shows exactly the network calls and usage you'd expect for that purpose (curl examples, an OpenAI-compatible base_url). However the registry metadata lists no required environment variables or primary credential while the instructions clearly require YIELDINGBEAR_API_KEY — this mismatch is unexpected and reduces trust. The source and homepage are marked unknown/none which prevents easy verification of the vendor.
Instruction Scope
Runtime instructions tell the agent/user to set and optionally append an API key to ~/.zshrc, and state the agent 'uses YB automatically when calling OpenAI-compatible endpoints.' That grants the third party broad access to any prompts or data sent through OpenAI-compatible flows. Persisting API keys in shell profiles is insecure and the automatic routing claim is vague — it could cause unexpected exfiltration of sensitive prompts if enabled without clear controls.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no installer or downloaded binary to review. That minimizes filesystem/installation risk, but means all risk is from network calls and the runtime instructions.
Credentials
The SKILL.md requires a single API key (YIELDINGBEAR_API_KEY) — reasonable for a third‑party API — but the registry does not declare this required env var or primary credential. That inconsistency is suspicious because users won't be warned at install time that a secret is needed. Additionally, instructions recommend storing the key in shell startup files (persistence of secrets in plaintext), which is disproportionate from a security best-practices perspective.
Persistence & Privilege
The skill does not request 'always: true' and does not include install-time changes or system-wide configuration. It simply depends on an API key at runtime. Autonomous invocation is allowed by default but not a unique escalation here.
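How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install yieldingbear
  3. Once installation completes, call the Skill by name or trigger it with /yieldingbear
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history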
v1.0.0
Yielding Bear 1.0.0 — initial release
- Launches unified LLM API for cost-efficient, intelligent routing across 16+ providers.
- Automatic request routing to the cheapest capable AI model, saving 60–80% vs direct calls.
- OpenAI-compatible API for drop-in replacement in existing agent/code.
- Includes quick setup guide, example scripts for Bash and Python, and cost comparisons.
- OpenClaw agent integration and custom tool usage instructions provided.
Metadata
Slug yieldingbear
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
FAQ

What is Yieldingbear?

Use Yielding Bear's unified LLM API for cost arbitrage and intelligent routing. Use when cutting AI costs, routing LLM requests, comparing model pricing, or... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 128 total downloads to date.

How do I install Yieldingbear?

Run the command "/install yieldingbear" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.

Is Yieldingbear free?

Yes, Yieldingbear is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Yieldingbear support?

Yieldingbear runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Yieldingbear?

Developed and maintained by yieldingbear (@yieldingbear); the current version is v1.0.0.