Rei-Clawd
PassAudited by ClawScan on May 1, 2026.
Overview
Rei-Clawd transparently configures a third-party Rei model provider, but running it will store a Rei API key and change/restart Clawdbot configuration.
Install/run this only if you intend to use Rei as a Clawdbot model provider. Protect the Rei API key, review ~/.clawdbot/clawdbot.json after setup, keep the backup for rollback, and remember that using the Rei model sends relevant prompts/code context to coder.reilabs.org.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup can alter which model provider Clawdbot uses and restart the gateway.
The setup script directly edits the Clawdbot model-provider configuration; nearby instructions also restart the gateway. This is expected for the stated setup purpose, but it changes agent routing behavior.
jq --argjson rei "$REI_PROVIDER" '.models.providers.rei = $rei' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp" && mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"Run it only when you intend to add Rei, review the resulting config, and keep the backup/revert path available.
Anyone with access to the Clawdbot config or a transcript where the key was pasted could potentially see the Rei API key.
The script collects a Rei API key and writes it into the provider configuration. This is necessary for the integration, but it is still sensitive credential handling.
read -p "Enter your Rei API key: " API_KEY ... "apiKey": "$API_KEY"
Use a dedicated, revocable Rei API key, avoid pasting it into shared chats, and protect ~/.clawdbot/clawdbot.json.
Users have less publisher/provenance context for a skill that changes local Clawdbot configuration.
The registry metadata does not provide a source repository or homepage. The included script contents are visible and simple, so this is a provenance note rather than a concrete unsafe behavior.
Source: unknown Homepage: none
Verify that you trust the registry owner and the coder.reilabs.org service before running the setup.
When Rei is selected, your model traffic may be processed by the external Rei endpoint.
The skill configures an external model endpoint. That is the core purpose, but future prompts, code, and context sent to the Rei model will leave the local Clawdbot environment.
Rei provides Qwen3 Coder via an OpenAI-compatible endpoint at `coder.reilabs.org`.
Use Rei only for data you are comfortable sending to that provider, and switch back or revert if you do not want that routing.