Azure OpenAI Proxy

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a straightforward Azure OpenAI proxy, but it requires running a local Node service that forwards prompts and an Azure API key, with optional persistence.

Install this only if you intend to route OpenClaw model traffic through Azure OpenAI. Keep the proxy bound to 127.0.0.1 unless you intentionally need network exposure, protect the Azure API key in OpenClaw configuration, verify the Azure endpoint/deployment values, and enable the optional systemd service only if you want the proxy to persist.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill means running a local server process from the skill files.

Why it was flagged

The setup explicitly asks the user to run the included Node.js proxy. This is central to the skill's purpose and not automatic, but it is local code execution.

Skill content

node scripts/server.js

Recommendation

Review the included server.js before running it, and run it only from the installed skill directory you intended to use.

What this means

Your Azure OpenAI key is used by the local proxy to make Azure API calls, which can consume quota or credits.

Why it was flagged

The proxy receives an API key from OpenClaw request headers and forwards it to Azure. This is expected for Azure OpenAI, and the code does not show logging or unrelated use of the key.

Skill content

const apiKey = req.headers['api-key'] || req.headers['authorization']?.replace('Bearer ', '') || ''; ... 'api-key': apiKey

Recommendation

Use a scoped, rotatable Azure key, keep OpenClaw configuration files private, and monitor Azure usage.

What this means

Prompts and any data included in model requests will be sent to the configured Azure OpenAI resource.

Why it was flagged

The proxy forwards chat completion request bodies to the configured Azure OpenAI endpoint. This provider data flow is the skill's purpose and uses HTTPS, but it means prompt contents leave the local machine.

Skill content

hostname: config.azure.endpoint, port: 443, path: azurePath, method: 'POST' ... proxyReq.write(body);

Recommendation

Only route data to Azure that you are allowed to share with that Azure resource, and verify the endpoint environment variable before use.

Note: High Confidence

ASI10: Rogue Agents

What this means

If enabled, the proxy may keep running across sessions until the user disables the service.

Why it was flagged

The documentation includes optional steps to run the proxy persistently as a user-level service. This persistence is disclosed and user-initiated.

Skill content

systemctl --user enable azure-proxy
systemctl --user start azure-proxy

Recommendation

Enable the systemd service only if you want a long-running proxy, and disable it when no longer needed.

What this means

Users may be surprised by setup requirements that are documented in the skill but not declared in registry metadata.

Why it was flagged

Registry metadata does not declare the Node runtime, Azure environment variables, or Azure API-key use that the SKILL.md setup describes. This is an under-declaration note, not evidence of hidden behavior.

Skill content

Source: unknown; Homepage: none; Required binaries: none; Env var declarations: none; Primary credential: none; No install spec

Recommendation

Before installing, read SKILL.md and confirm you have Node.js, the needed Azure endpoint/deployment values, and an Azure API key ready.