OpenClaw AntSeed
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its stated P2P model-routing purpose, but the included setup script can run unintended local code if used with crafted option values.
Review the setup script before using it, avoid passing untrusted or copied option values, and only make AntSeed the default model provider if you are comfortable sending future OpenClaw prompts through its P2P provider network.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a crafted value is passed for these options, running the setup script could execute unintended Python code on the user's machine.
Command-line arguments are inserted directly into a python3 -c program as raw Python expressions, with no numeric validation or escaping.
--context-window) CONTEXT_WINDOW="$2"; shift 2 ;; ... --max-tokens) MAX_TOKENS="$2"; shift 2 ;; ... 'contextWindow': ${CONTEXT_WINDOW},
'maxTokens': ${MAX_TOKENS}Do not run the helper script with untrusted arguments. The author should validate numeric options and pass values to Python via argv, environment variables, or JSON rather than interpolating them into executable code.
Prompts and conversation content may be visible to AntSeed providers or their upstream model services as part of the intended routing.
The documented data path sends model requests through P2P providers and upstream APIs outside the local machine.
OpenClaw → http://127.0.0.1:5005 (AntSeed buyer proxy) → P2P network → Provider node → Upstream API (OpenRouter, Anthropic, etc.)
Use this only for data you are comfortable sending through AntSeed’s provider network, and review AntSeed/provider privacy and trust expectations before making it your default.
You are trusting the current npm package and AntSeed plugin supply chain, not just the reviewed skill text.
The setup fetches external CLI and plugin code without version pins; this is central to the skill, but the installed code can change over time.
npm install -g @antseed/cli antseed plugin add @antseed/router-local-proxy
Install only if you trust the AntSeed packages, and prefer pinned versions or verified package integrity where possible.
A mistaken model choice or unwanted configuration change could route future OpenClaw activity through AntSeed until manually reverted.
The helper script persistently updates OpenClaw’s provider configuration and default model, affecting later OpenClaw sessions.
providers['antseed'] = { ... }
...
cfg.setdefault('agents', {}).setdefault('defaults', {}).setdefault('model', {})['primary'] = 'antseed/${MODEL}'Back up ~/.openclaw/openclaw.json before running setup, confirm the model before setting it as default, and keep clear rollback instructions.
If enabled, the AntSeed proxy can keep running in the background after reboot and continue exposing the local model endpoint.
The skill documents an optional persistent systemd service for the buyer proxy.
To run the proxy as a background service that survives reboots: ... sudo systemctl enable --now antseed-buyer
Enable the service only if you want persistent routing, and know how to stop or disable it with systemctl before installing it.