AxonHub
PassAudited by ClawScan on May 15, 2026.
Overview
AxonHub appears to be a normal OpenClaw provider plugin that uses an AxonHub API key and routes model requests through a configured AxonHub gateway, with no artifact-backed malicious behavior found.
Before installing, confirm you trust the AxonHub endpoint you configure and are comfortable sending model prompts through it. Protect the AXONHUB_API_KEY, prefer HTTPS for non-local deployments, and review the model catalog after onboarding. The provided artifacts do not show malicious behavior, but the main runtime file excerpt is truncated, so this review has medium confidence.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The plugin can make authenticated requests to the configured AxonHub instance using the user's API key.
The plugin declares use of an AxonHub API key, which is expected for an authenticated provider gateway.
"providerAuthEnvVars": { "axonhub": ["AXONHUB_API_KEY"] }Use an API key intended for AxonHub, avoid sharing it, and prefer a scoped or revocable key if AxonHub supports one.
Conversation content sent to AxonHub models may leave the local OpenClaw environment and be processed by AxonHub or connected providers.
The core function is routing model requests through AxonHub, so user prompts and model traffic may pass through the configured gateway and upstream providers.
Route requests to 100+ LLM providers through a unified API gateway.
Configure only a trusted AxonHub base URL, understand its data handling policy, and avoid sending sensitive content unless that gateway is approved for it.
When enabled, the plugin code runs inside the OpenClaw plugin environment to register and operate the AxonHub provider.
The plugin is configured to load as OpenClaw provider code, including startup activation. That is expected for this type of provider plugin.
"activation": { "onStartup": true, "onProviders": ["axonhub"] }Install it only if you intend to use AxonHub as a provider, and keep it disabled or remove it if you no longer need that integration.
If the configured AxonHub instance returns incorrect model metadata, that metadata may be stored and influence later model selection or displayed capabilities.
Onboarding can persist the configured base URL and replace the stored AxonHub model list, which is normal for dynamic provider setup but affects future sessions.
axonhubProvider.baseUrl = resolvedBaseUrl; ... axonhubProvider.models = models.map((m) => ({ ...m }));Use a trusted AxonHub instance and rerun onboarding or edit configuration if the model catalog looks wrong.