Skill v1.0.0

ClawScan security

Spendex AI Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 4:08 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and runtime instructions are coherent with its stated purpose (routing LLM requests through Spendex) and it only requires a Spendex API key plus curl/jq — no unexplained privileges or installs.
Guidance
This skill will send any user prompt you give it to Spendex's APIs — you must trust Spendex with the plaintext of prompts (including any sensitive content). Before installing: confirm the Spendex domain (spendex.ai / app.spendexai.com), review their privacy/security policy and how they store/rotate your provider keys, only set SPENDEX_API_KEY in a secure environment, avoid sending secrets in prompts, and consider whether you want a third party to see your prompts or host your provider keys in their dashboard.

Review Dimensions

Purpose & Capability
ok · Name/description (LLM router, cost-tracking, BYOK) matches the instructions: all examples call Spendex endpoints and the README tells users to add provider keys in the Spendex dashboard. Required binaries (curl, jq) and required env var (SPENDEX_API_KEY) are appropriate for an HTTP-based router.
Instruction Scope
ok · SKILL.md explicitly instructs the agent to POST prompts to Spendex API endpoints and to query Spendex for balances/usage. It does not attempt to read unrelated files, other env vars, or system config. Note: routing prompts to a third party means user-provided prompts (which may contain sensitive data) will be sent to Spendex — this is expected behavior but an important privacy consideration.
Install Mechanism
ok · Instruction-only skill with no install spec or downloaded code. This is low-risk: nothing is written to disk or installed by the skill itself.
Credentials
ok · Only SPENDEX_API_KEY is required. The SKILL.md does not request provider API keys directly (it tells users to configure them in the Spendex dashboard), so environment/credential requests are minimal and proportional.
Persistence & Privilege
ok · The always flag is false and the skill does not request persistent system-level configuration or other skills' credentials. Normal autonomous invocation is allowed (disable-model-invocation=false), but that is the platform default and not by itself a red flag.