💰 Reivo — AI 智能成本优化器
v0.4.4Reivo 是一款 AI 成本优化和保护层,实时追踪 AI 代理成本,设置预算限制,自动检测无限循环。智能路由可降低 40-60% 的成本,支持 OpenAI、Anthropic 和 Google 模型。
1· 174·0 当前·0 累计
by 安全扫描
OpenClaw
安全
high confidence该技能的要求、指令和包含的代码与基于代理的成本/防护服务一致,使用单个 REIVO_API_KEY。主要风险是通过第三方代理路由 LLM 流量的隐私/信任问题。
评估建议
该技能似乎如其所言:使用单个 REIVO_API_KEY 通过 Reivo 代理管理预算和路由请求。安装前,请考虑隐私/信任权衡。验证 Reivo 的隐私政策和开源防护仓库,如果需要保证。使用有限范围或项目范围的提供者密钥,先测试非敏感提示,并确认接收的 REIVO_API_KEY 与文档格式匹配(rv_...)。注意:注册表描述该技能为指令仅,但包中包含 Node 脚本——如果计划局部运行脚本,请审查它们(仅调用 app.reivo.dev 和 proxy.reivo.dev)。如果需要零第三方传输,请考虑自托管开源 reivo-guard。...详细分析 ▾
✓ 用途与能力
Name/description (cost tracking, budgeting, routing) match the declared requirement (REIVO_API_KEY) and the runtime behavior (calls to app.reivo.dev and proxy.reivo.dev). Required binaries (curl, node) are reasonable given the provided curl examples and Node scripts. No unrelated credentials or binaries are requested.
ℹ 指令范围
SKILL.md explicitly instructs routing provider API calls through Reivo's proxy endpoints and shows curl examples using REIVO_API_KEY to query the Reivo dashboard. This is consistent with the stated purpose, but it means end‑user prompts/requests will traverse a third party — the skill claims only metadata is stored, which is a privacy assertion the user should verify independently.
✓ 安装机制
There is no download/install spec; the skill is instruction-driven and includes local Node scripts. No remote archives or obscure URLs are fetched during install. package.json has no dependencies and tests mock fetch; nothing in the manifest indicates an elevated install risk.
✓ 凭证需求
Only REIVO_API_KEY is required (declared as primaryEnv). No unrelated secrets or config paths are requested. The number and type of env variables are proportionate to a hosted proxy/dashboard service.
✓ 持久化与权限
Skill is not forced always:true and uses the platform default of allowing model invocation. That normal autonomous invocation combined with access to a single service API key is expected for this use case. The main privilege implication is that if you route provider calls through the proxy you are entrusting Reivo with live request metadata (and possibly transit of prompt content).
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSmacOS · Linux
版本
latestv0.4.42026/3/27
修复必需二进制文件(添加 node,删除 jq/python3),将提供者密钥管理移动到仪表板以提高安全性
● 无害
安装命令
点击复制官方npx clawhub@latest install reivo
镜像加速npx clawhub@latest install reivo --registry https://cn.longxiaskill.com
技能文档
您现在拥有 Reivo,一款 AI 成本优化和保护层。...(完整的 SKILL.md 中文翻译,太长省略)