ClawHub

Spendex AI Router

v1.0.0

Smart AI router — automatically picks the best & cheapest LLM for every prompt. BYOK, tracks costs, enforces budgets. Supports 25+ providers.

0· 166·0 current·0 all-time
by@ldws123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (LLM router, cost-tracking, BYOK) matches the instructions: all examples call Spendex endpoints and the README tells users to add provider keys in the Spendex dashboard. Required binaries (curl, jq) and required env var (SPENDEX_API_KEY) are appropriate for an HTTP-based router.
Instruction Scope
SKILL.md explicitly instructs the agent to POST prompts to Spendex API endpoints and to query Spendex for balances/usage. It does not attempt to read unrelated files, other env vars, or system config. Note: routing prompts to a third party means user-provided prompts (which may contain sensitive data) will be sent to Spendex — this is expected behavior but an important privacy consideration.
Install Mechanism
Instruction-only skill with no install spec or downloaded code. This is low-risk: nothing is written to disk or installed by the skill itself.
Credentials
Only SPENDEX_API_KEY is required. The SKILL.md does not request provider API keys directly (it tells users to configure them in Spendex dashboard), so environment/credential requests are minimal and proportional.
Persistence & Privilege
always is false and the skill does not request persistent system-level configuration or other skills' credentials. Normal autonomous invocation is allowed (disable-model-invocation=false) but that is the platform default and not by itself a red flag.
Assessment
This skill will send any user prompt you give it to Spendex's APIs — you must trust Spendex with the plaintext of prompts (including any sensitive content). Before installing: confirm the Spendex domain (spendex.ai / app.spendexai.com), review their privacy/security policy and how they store/rotate your provider keys, only set SPENDEX_API_KEY in a secure environment, avoid sending secrets in prompts, and consider whether you want a third party to see your prompts or host your provider keys in their dashboard.

Like a lobster shell, security has layers — review code before you run it.

aivk97c8pyrprtajxj5xd989jndyd82sn2tbudgetvk97c8pyrprtajxj5xd989jndyd82sn2tbyokvk97c8pyrprtajxj5xd989jndyd82sn2tcost-optimizationvk97c8pyrprtajxj5xd989jndyd82sn2tlatestvk97c8pyrprtajxj5xd989jndyd82sn2tllmvk97c8pyrprtajxj5xd989jndyd82sn2troutervk97c8pyrprtajxj5xd989jndyd82sn2t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl, jq
EnvSPENDEX_API_KEY

Comments