Evolink Router — Smart LLM Routing (Claude, GPT, Gemini, DeepSeek, Kimi)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent instruction-only LLM routing skill, but installing it means your prompts and selected context may be sent through Evolink to multiple model providers using your Evolink API key.
Install this if you want OpenClaw to route model calls through Evolink. Before using it for sensitive work, check the provider’s privacy and billing terms, protect the API key, and consider narrowing the example spawn permissions if you do not want sub-agents to use any registered model.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Tasks may be dispatched to an external model selected by the router, which can affect cost, latency, and where prompt content is processed.
The skill intentionally lets the agent route tasks automatically rather than requiring a separate approval for each model choice.
All tasks are auto-routed. The user can also run `/route [task]` to preview the routing decision without executing.
Use `/route` for sensitive or expensive tasks, and override the model/provider when you need a specific destination.
Sub-agent use can increase cost and may route task context to additional models. The wildcard is broad if your OpenClaw config already has other registered models.
The recommended config allows the main agent to spawn sub-agents with any registered model, bounded by a maximum spawn depth.
"permissions": { "spawn": ["*"], "maxSpawnDepth": 2 }Consider narrowing spawn permissions to the Evolink models you actually want, and keep the max spawn depth limit.
Anyone who obtains the key could potentially use your Evolink account or spend credits.
The skill requires a provider API key that authorizes model usage through Evolink.
`EVOLINK_API_KEY` authenticates all model requests. Injected by OpenClaw automatically. Treat as confidential.
Use a dedicated Evolink key, store it only in OpenClaw’s normal secret mechanism, monitor usage, and revoke it if exposed.
Sensitive documents, business data, or private conversation context included in prompts may be processed by Evolink and an upstream LLM provider.
The skill discloses that prompt data leaves OpenClaw and may be relayed to multiple upstream model providers.
Prompts are sent to `direct.evolink.ai`, which proxies to upstream providers (Anthropic, OpenAI, Google, etc.).
Review Evolink and upstream provider privacy terms before routing confidential data, and use a different provider or local workflow for highly sensitive tasks.
Users may rely on this retention claim when deciding whether to send sensitive prompts through the service.
The skill makes a strong privacy/retention claim about Evolink’s handling of prompts, while the artifacts do not provide an external policy or technical proof.
No data is stored by Evolink beyond the request lifecycle.
Verify Evolink’s current privacy policy and note that upstream providers may have their own retention rules.