NadirClaw

Review

Audited by ClawScan on May 10, 2026.

Overview

NadirClaw’s purpose is coherent, but it installs an unpinned external router, changes OpenClaw’s model-routing configuration, and can leave a background proxy running without clear stop or rollback guidance.

Install only if you trust the NadirClaw package source. Before running onboarding, confirm that you want OpenClaw traffic routed through this local proxy, check where API keys and logs are stored, and make sure you know how to stop the background server and undo the config change.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill may run code from an unreviewed package source that can affect how the user’s AI requests are routed.

Why it was flagged

The helper installs an external Python package without a version pin; combined with the registry showing unknown source and no homepage, users cannot easily verify what code will control LLM routing.

Skill content

pip install nadirclaw 2>/dev/null || pip3 install nadirclaw

Recommendation

Verify the package source and maintainer before installing, prefer a pinned version, and review the upstream package code if available.

What this means

Future AI requests may be routed differently than before, which can affect cost, privacy, quality, and provider selection.

Why it was flagged

The skill changes OpenClaw’s provider configuration so future model calls route through NadirClaw, but the artifacts do not describe approval checkpoints, exact config scope, or rollback steps.

Skill content

This writes NadirClaw as a provider in OpenClaw config with model `nadirclaw/auto`. No restart needed.

Recommendation

Only run onboarding after confirming the exact configuration change, and document or provide a clear undo command.

Concern (High Confidence)

ASI10: Rogue Agents

What this means

The router may keep running after setup and continue handling local LLM traffic until the user finds and stops it.

Why it was flagged

The included helper starts a long-running background proxy process and redirects logs to /tmp, with no corresponding stop or cleanup instructions in the artifacts.

Skill content

nohup nadirclaw serve > /tmp/nadirclaw.log 2>&1 &

Recommendation

Provide clear start/stop/status/uninstall instructions and avoid background startup unless the user explicitly asks for it.

What this means

Users may be asked to configure provider credentials even though the registry metadata does not advertise credential requirements.

Why it was flagged

The router may need provider API credentials, which is expected for OpenAI/Anthropic/Google routing, but the registry metadata declares no primary credential or required environment variables.

Skill content

If `nadirclaw serve` fails, check API keys: `nadirclaw setup`

Recommendation

Treat API keys as sensitive, verify where setup stores them, and use least-privilege provider keys where possible.

What this means

Routing decisions or session context may persist and influence later requests through the router.

Why it was flagged

The router keeps session state to maintain routing consistency, which is purpose-aligned but means conversation-related routing context can persist across requests.

Skill content

Session persistence (no model bouncing mid-conversation)

Recommendation

Review NadirClaw’s storage, retention, and log settings before routing sensitive conversations through it.