ClawHub
Back to skill
v1.0.0

Unified LLM Gateway - One API for 70+ AI models. Route to GPT, Claude, Gemini, Qwen, Deepseek, Grok and more

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:22 AM.

Analysis

This appears to be a straightforward LLM gateway, but users should know their AIsa API key and submitted prompts or images are sent to api.aisa.one.

GuidanceThis skill looks coherent for its stated purpose. Before installing, confirm you trust the AIsa/OpenClaw gateway, use a limited API key, and avoid sending sensitive prompts or images unless you are comfortable with the provider's data handling and billing terms.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown

The publisher/source provenance is not identified. This matters because the skill uses a credentialed external API, although the artifacts do not show a remote installer, hidden dependency, or unreviewed auto-execution path.

User impactYou have less assurance about who maintains the gateway integration before trusting it with an API key.
RecommendationVerify the skill publisher and AIsa/OpenClaw relationship before adding a real API key, especially for paid or sensitive workloads.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
scripts/llm_router_client.py
self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"

The helper reads an AIsa API key from the environment and sends it as a bearer token. This is expected for the stated LLM gateway purpose, but it grants access to the user's AIsa account and quota.

User impactRequests made through the skill may consume account quota or incur costs under the configured AIsa key.
RecommendationUse a dedicated, revocable API key with appropriate limits, and avoid exposing the key in prompts, logs, or shared shell history.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
scripts/llm_router_client.py
BASE_URL = "https://api.aisa.one/v1" ... return self._request("POST", "/chat/completions", data=payload, stream=stream)

The client sends chat payloads, and for vision requests image URLs plus prompts, to the external AIsa gateway. This is central to the skill's purpose, but it creates a third-party data boundary.

User impactPrompts, message history supplied to the call, and image URLs or image data may be processed outside the local environment by the gateway and routed model providers.
RecommendationDo not send secrets, private documents, or regulated data unless AIsa's privacy, retention, and routing policies meet your needs; give the agent clear limits on what content may be sent.