Openclaw Router
v0.1.0Intelligent Model Routing - Save 60% on AI Costs / 智能路由系统 - 节省 60% 成本
⭐ 0· 382·2 current·2 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name, description, and code files are coherent with an intelligent model routing tool that can prefer local models and call cloud providers. However the SKILL.md metadata declares no required environment variables while other docs and code reference provider API keys and credential paths — this mismatch reduces transparency about what the skill will access.
Instruction Scope
Runtime instructions are mostly limited to install/config/enable and reference a user config at ~/.openclaw/router_config.yaml. But multiple documentation files (GLOBALIZATION.md and others) and likely the code auto-detection logic indicate the skill will read environment variables and service credentials (OpenAI, Anthropic, Alibaba, AWS, Azure, Google) and a Google credentials path. The SKILL.md does not declare these reads, so the agent may access secrets/config outside the declared scope.
Install Mechanism
There is no external download/install spec in SKILL.md (instruction-only). The repository includes scripts and Python source files; nothing in the provided metadata attempts to pull code from an unknown URL or run an external extractor. Risk from installation is low if you only use the packaged code, but scripts like run_tests.sh/test_bugs.sh exist and would execute code if run.
Credentials
The skill's functionality (calling cloud LLM providers) reasonably requires provider API keys. However the skill declares no required environment variables in its metadata while numerous docs and source filenames imply it will auto-detect and use environment credentials (OPENAI_API_KEY, ANTHROPIC_API_KEY, DASHSCOPE_API_KEY, AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, AZURE_*, GOOGLE_APPLICATION_CREDENTIALS, etc.). Requesting or reading broad platform credentials without declaring them is disproportionate from a transparency and least-privilege perspective.
Persistence & Privilege
The skill is not marked always:true and does not claim to modify other skills or system-wide settings. It writes/reads a config file in the user's home (~/.openclaw/router_config.yaml), which is reasonable for a router/config wizard. No elevated platform privileges are requested in metadata.
Scan Findings in Context
[docs-mention-cloud-env-vars] expected: Multiple documentation files (GLOBALIZATION.md, FREE_AND_OPEN_SOURCE.md, and others) list environment variables and credential locations for cloud providers (OpenAI, Anthropic, Alibaba, AWS, Azure, Google). Reading these variables is expected for multi-cloud model routing, but SKILL.md's declared requirements list no environment variables — a transparency mismatch.
[undeclared-credential-access] unexpected: SKILL.md metadata shows no required env vars or config paths, yet docs and code manifest imply the skill will read credentials (including GOOGLE_APPLICATION_CREDENTIALS path and AWS keys). The skill does not declare that it will access these secrets in its top-level metadata.
What to consider before installing
This package appears to implement an intelligent model router and includes source code; that is coherent with its description. However the docs and source reference many cloud-provider credentials and a home config file while the declared SKILL.md metadata lists no required environment variables. Before installing or enabling: 1) Inspect the Python source (src/) for where it reads environment variables and what it sends over the network; 2) If you must run it, use dedicated, limited-scope API keys (not high-privilege AWS root keys) or run in an isolated environment; 3) Consider running the code locally without enabling automatic network access or running install/test scripts until you audit them; 4) If you plan to supply cloud credentials, prefer service accounts with minimal scopes and rotate keys after testing; 5) If unsure, request the maintainer clarify declared env vars and exact endpoints called (and prefer skills whose SKILL.md lists required credentials).Like a lobster shell, security has layers — review code before you run it.
aiautomationcost-optimizationfreeglobali18nlatestllmmodel-selectionopenclawrouting
OpenClaw Router Skill
通用智能路由系统 - 自动选择最佳模型,节省 60% 成本
🚀 快速开始
安装
# 通过 ClawHub 安装
clawhub install openclaw-router
配置
安装后自动运行配置向导,或手动运行:
openclaw router config --init
启用
openclaw router enable
✨ 功能特性
🎯 智能模型选择
- ✅ 5 维度自评(知识/推理/上下文/质量/工具)
- ✅ 任务类型识别(代码/创意/分析/战略/学习/日常)
- ✅ 用户偏好学习
- ✅ 成本预算管理
💰 成本优化
- ✅ 本地模型优先(免费)
- ✅ 边界情况验证(L2)
- ✅ 复杂任务专家(L3)
- ✅ 预计节省 60% 成本
🌍 全场景支持
- ✅ 纯本地部署
- ✅ 纯云端部署
- ✅ 混合部署
- ✅ 多云端部署
- ✅ 企业私有化
📊 透明追踪
- ✅ Token 用量显示
- ✅ 成本实时追踪
- ✅ 套餐剩余监控
- ✅ 预算告警
📋 支持的模型
本地模型(Ollama)
| 模型 | 适用场景 | 成本 |
|---|---|---|
| qwen2.5:7b | 简单问答 | ¥0 |
| qwen2.5:14b | 日常开发 | ¥0 |
| qwen2.5:72b | 复杂任务 | ¥0 |
云端模型
| 提供商 | 模型 | 适用场景 | 成本/1k tokens |
|---|---|---|---|
| 阿里云 | qwen3.5-plus | 日常主力 | ¥0.002 |
| 阿里云 | qwen3-max | 复杂推理 | ¥0.04 |
| 阿里云 | kimi-k2.5 | 长文本 | ¥0.04 |
| OpenAI | gpt-4 | 创意/英文 | ¥0.03 |
| Anthropic | claude-3 | 安全敏感 | ¥0.03 |
⚙️ 配置说明
配置文件位置
~/.openclaw/router_config.yaml
配置示例
version: "1.0.0"
models:
primary:
id: "qwen2.5:14b-32k"
location: "local"
verifier:
id: "dashscope/qwen3.5-plus"
location: "cloud"
expert:
id: "dashscope/qwen3-max"
location: "cloud"
thresholds:
mode: "balanced"
auto_pass: 3.5
verify_min: 3.0
verify_max: 3.5
escalate_below: 3.0
budget:
monthly: 200
currency: "CNY"
alert_at: [50, 80, 95]
💰 定价
免费版
- ✅ 基础路由
- ✅ Token 追踪
- ✅ 每月 1000 次请求
付费版(¥29/月)
- ✅ 无限请求
- ✅ 用户偏好学习
- ✅ 预算管理
- ✅ 时段优化
- ✅ 优先支持
企业版(¥199/月)
- ✅ 所有付费功能
- ✅ 多用户管理
- ✅ 自定义模型池
- ✅ API 访问
- ✅ SLA 保障
📖 文档
🤝 贡献
欢迎贡献代码!
git fork https://github.com/pepsiboy87/openclaw-router
git clone git@github.com:your-username/openclaw-router.git
git checkout -b feature/your-feature
git commit -m "Add your feature"
git push origin feature/your-feature
📄 许可证
MIT License
📞 支持
- 文档: https://github.com/pepsiboy87/openclaw-router
- Issue: https://github.com/pepsiboy87/openclaw-router/issues
- 邮箱: pepsiboy87@example.com
让每个 AI 助手都拥有智能路由能力!
Comments
Loading comments...