← Back to Skills Marketplace

Yieldingbear

Name: Yieldingbear
Author: yieldingbear

by yieldingbear · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

128

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install yieldingbear

Description

Use Yielding Bear's unified LLM API for cost arbitrage and intelligent routing. Use when cutting AI costs, routing LLM requests, comparing model pricing, or...

Usage Guidance

This skill routes your prompts through a third-party service and requires an API key according to its instructions — but the registry metadata does not declare that key, and the publisher/homepage are unknown. Before using it: 1) Verify yieldingbear.com and the vendor (look for a privacy policy, docs, and reputation). 2) Never paste sensitive data or production prompts while testing — try harmless inputs first. 3) Avoid persisting secrets in shell rc files; prefer ephemeral env vars or a secrets manager. 4) If you plan to let agents call OpenAI-compatible endpoints, confirm how and when YB will be invoked so you don't accidentally route sensitive requests. 5) Ask the publisher or registry maintainer to correct the missing required env var (YIELDINGBEAR_API_KEY) in metadata and to provide a verified source/homepage. If you cannot validate the vendor and its policies, treat this skill as risky and avoid exposing confidential data to it.

Capability Analysis

Type: OpenClaw Skill Name: yieldingbear Version: 1.0.0 The skill bundle requests high-risk permissions (Bash, Write) and instructs the agent to modify the user's shell configuration (~/.zshrc) to persist an API key, which constitutes environment manipulation. While these actions are aligned with the stated purpose of setting up the 'Yielding Bear' LLM routing service, the provided Bash examples in SKILL.md lack input sanitization for the '$1' variable, creating a risk of JSON injection. Additionally, the instructions include a directive for the agent to automatically route OpenAI-compatible requests through the third-party endpoint (api.yieldingbear.com), which could lead to unintended data exposure if the agent reconfigures its internal behavior based on these instructions.

Capability Assessment

ℹ Purpose & Capability

The skill claims to be a unified LLM routing API and the SKILL.md shows exactly the network calls and usage you'd expect for that purpose (curl examples, an OpenAI-compatible base_url). However the registry metadata lists no required environment variables or primary credential while the instructions clearly require YIELDINGBEAR_API_KEY — this mismatch is unexpected and reduces trust. The source and homepage are marked unknown/none which prevents easy verification of the vendor.

⚠ Instruction Scope

Runtime instructions tell the agent/user to set and optionally append an API key to ~/.zshrc, and state the agent 'uses YB automatically when calling OpenAI-compatible endpoints.' That grants the third party broad access to any prompts or data sent through OpenAI-compatible flows. Persisting API keys in shell profiles is insecure and the automatic routing claim is vague — it could cause unexpected exfiltration of sensitive prompts if enabled without clear controls.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files, so there is no installer or downloaded binary to review. That minimizes filesystem/installation risk, but means all risk is from network calls and the runtime instructions.

⚠ Credentials

The SKILL.md requires a single API key (YIELDINGBEAR_API_KEY) — reasonable for a third‑party API — but the registry does not declare this required env var or primary credential. That inconsistency is suspicious because users won't be warned at install time that a secret is needed. Additionally, instructions recommend storing the key in shell startup files (persistence of secrets in plaintext), which is disproportionate from a security best-practices perspective.

✓ Persistence & Privilege

The skill does not request 'always: true' and does not include install-time changes or system-wide configuration. It simply depends on an API key at runtime. Autonomous invocation is allowed by default but not a unique escalation here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install yieldingbear
After installation, invoke the skill by name or use /yieldingbear
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Yielding Bear 1.0.0 — initial release - Launches unified LLM API for cost-efficient, intelligent routing across 16+ providers. - Automatic request routing to the cheapest capable AI model, saving 60–80% vs direct calls. - OpenAI-compatible API for drop-in replacement in existing agent/code. - Includes quick setup guide, example scripts for Bash and Python, and cost comparisons. - OpenClaw agent integration and custom tool usage instructions provided.

Metadata

Slug yieldingbear

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Yieldingbear?

Use Yielding Bear's unified LLM API for cost arbitrage and intelligent routing. Use when cutting AI costs, routing LLM requests, comparing model pricing, or... It is an AI Agent Skill for Claude Code / OpenClaw, with 128 downloads so far.

How do I install Yieldingbear?

Run "/install yieldingbear" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yieldingbear free?

Yes, Yieldingbear is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yieldingbear support?

Yieldingbear is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Yieldingbear?

It is built and maintained by yieldingbear (@yieldingbear); the current version is v1.0.0.

More Skills