Clawrouter

Review

Audited by ClawScan on May 10, 2026.

Overview

ClawRouter appears to be a clearly disclosed hosted LLM proxy, but users should know prompts leave the machine and a local crypto wallet key is stored for per-request payments.

Install only if you are comfortable using a hosted LLM gateway, sending prompts to Blockrun/provider services, and maintaining a funded local wallet for payments. Keep the wallet balance small, protect your OpenClaw config file, and verify the npm package source before use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you fund the wallet, requests can spend from it, and anyone who obtains the plaintext config key could potentially steal or spend those funds.

Why it was flagged

The skill persistently stores crypto private keys and uses them to authorize payments. The behavior is disclosed and purpose-aligned, but compromise of the config could expose spendable funds.

Skill content

`walletKey` ... EVM private key used to sign USDC micropayments via x402 ... Keys live in the OpenClaw user config file ... Stored in plaintext

Recommendation

Use a dedicated low-balance wallet, fund only what you intend to spend, protect the OpenClaw config file and disk, and rotate the wallet if the machine may be compromised.

What this means

Prompts, messages, tool parameters, and related request data may be processed by Blockrun and third-party model providers.

Why it was flagged

The data flow sends full prompts through Blockrun and downstream hosted model providers. This is explicitly disclosed and matches the hosted-router purpose, but it affects privacy.

Skill content

Your app → localhost proxy (ClawRouter) → https://blockrun.ai/api ... OpenAI / Anthropic / Google / etc.; Sent to blockrun.ai on every request: ... the full prompt/messages body

Recommendation

Do not use this skill for workloads that must remain local or contain data you would not send to a hosted LLM API.

What this means

The runtime behavior depends on the npm package contents and future package integrity, not just the visible SKILL.md text.

Why it was flagged

The skill installs and runs an external npm package. This is expected for the local proxy, but the supplied artifacts did not include the package code for static review.

Skill content

node | package: @blockrun/clawrouter | creates binaries: clawrouter

Recommendation

Verify the npm package and GitHub repository, prefer a pinned version matching the published skill version, and install only from a source you trust.