Skill v1.0.0
ClawScan security
LLM Router Gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:36 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are consistent with a single-API LLM gateway: it only asks for a single AISA_API_KEY, uses curl/python3, and the included client talks to api.aisa.one as documented.
- Guidance: This skill is internally consistent, but consider the real-world risks of centralizing many provider accesses behind one API key: the AISA_API_KEY grants the gateway operator visibility into all queries and can be used for billing or data retention. Before installing, verify the AIsa service (https://api.aisa.one / marketplace.aisa.one) and its privacy/billing terms, restrict the key's scope if possible, avoid sending sensitive data during testing, rotate keys regularly, and monitor usage/billing. If you need higher assurance, run the included Python client in an isolated environment and observe network traffic to confirm it only contacts the documented endpoints.
Review Dimensions
- Purpose & Capability: ok. Name/description (LLM Router) match the requested artifacts: required binaries (curl, python3), a single AISA_API_KEY, and a client that sends requests to https://api.aisa.one. All requested resources are appropriate for proxying requests to multiple LLM providers.
- Instruction Scope: ok. SKILL.md and README instruct exporting AISA_API_KEY and calling the AIsa API endpoints (via curl or the provided Python client). The instructions do not ask the agent to read unrelated files, other environment variables, or system config, nor to send data to unexpected endpoints.
- Install Mechanism: ok. No install spec or remote downloads are present (instruction-only install). A single local Python script is included; it uses standard libraries. There are no extracted archives or external install URLs to evaluate.
- Credentials: ok. Only AISA_API_KEY is required and serves as the API credential for the documented endpoints. No unrelated secrets or multiple credentials are requested.
- Persistence & Privilege: ok. always is false (default). The skill does not request persistent system-wide changes or access to other skills' configs. Autonomous invocation is allowed but is the platform default and not a unique privilege here.
