LLM Router Gateway
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears coherent for a third-party LLM gateway, but it will use your AISA API key and send prompts or images to AISA and routed model providers.
This skill is reasonable for using AISA as an LLM gateway. Before installing, confirm you trust the AISA service and publisher, use a dedicated API key, monitor billing, and avoid sending sensitive prompts or images unless you are comfortable with the gateway and routed providers processing them.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using this skill can consume quota or incur costs on the configured AISA account.
The client reads the AISA_API_KEY credential and uses it as a bearer token for requests to the external gateway.
self.api_key = api_key or os.environ.get("AISA_API_KEY") ... "Authorization": f"Bearer {self.api_key}"
Use a dedicated or scoped AISA key if available, keep it out of chat content and logs, and monitor usage or billing.
Prompt text, documents pasted into prompts, and image inputs may leave the local environment and be processed by AISA and routed model providers.
The skill is designed to send user prompts, messages, and potentially image URLs or image data to an external LLM routing service.
POST https://api.aisa.one/v1/chat/completions ... Analyze images by passing image URLs or base64 data
Do not send secrets, regulated data, or private images unless the AISA and downstream-provider terms meet your privacy requirements.
A single request may be sent to multiple models, increasing cost and widening the set of services that receive the prompt.
The documented comparison and fallback workflows can intentionally make multiple provider calls for one user task.
"Compare responses from GPT-4, Claude, and Gemini for the same question" ... "If GPT-4 fails, automatically try Claude, then Gemini"
Set clear model lists, budgets, and approval expectations before using comparison or automatic fallback on sensitive or expensive tasks.
Users have less independent provenance information when deciding whether to trust the gateway client and publisher.
The registry information does not identify a source repository or provenance for the skill package.
Source: unknown
Verify the publisher, homepage, API endpoint, and pricing or privacy documentation before using this skill for important workloads.
