AI/ML API LLM + Reasoning for OpenClaw
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent AIMLAPI chat helper, but it uses an API key and sends prompts to AIMLAPI, and its package metadata has a version/owner mismatch worth checking.
Install this only if you intend to use AIMLAPI chat-completions from OpenClaw. Confirm the publisher/version because the registry metadata and _meta.json differ, store the AIMLAPI key carefully, avoid using --apikey-file with arbitrary paths, and do not send prompts containing sensitive information unless you accept AIMLAPI’s data handling.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may not be looking at exactly the same owner/version identity shown in the registry listing.
The embedded package metadata differs from the supplied registry metadata, which lists a different owner ID and version. This is a provenance/version ambiguity, though the provided code remains coherent with the skill purpose.
"ownerId": "kn7eawz1fm8s9b4p37hf4z3fm580jpk8", "slug": "aimlapi-llm-reasoning", "version": "1.0.4"
Verify the publisher and version from a trusted ClawHub source before installing or using the skill.
A wrong --apikey-file path could cause the contents of that file to be used as the API bearer token, and your AIMLAPI key may incur account usage or billing.
The helper reads an AIMLAPI API key from the environment or a user-specified file and sends it as a bearer token. This is expected for the stated API-integration purpose, but it is sensitive credential handling.
api_key = os.getenv("AIMLAPI_API_KEY") ... pathlib.Path(args.apikey_file).read_text(encoding="utf-8").strip() ... "Authorization": f"Bearer {api_key}"Prefer AIMLAPI_API_KEY when possible; if using --apikey-file, pass only a dedicated API-key file with appropriate local permissions.
Any private text included in prompts or allowed extra JSON fields may be transmitted to AIMLAPI.
The script posts the constructed chat payload, including user and optional system messages, to AIMLAPI. This external provider flow is the core purpose of the skill and is disclosed, but it means prompt data is sent off-device.
DEFAULT_BASE_URL = "https://api.aimlapi.com/v1" ... data=json.dumps(payload).encode("utf-8")Use the skill only for prompts you are comfortable sending to AIMLAPI, and review provider data-handling terms for sensitive workloads.