Plugin v1.0.0
ClawScan security
LLM Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 22, 2026, 7:41 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The package is internally consistent: it wraps an AIsa LLM-router client, requires only AISA_API_KEY (which it uses to call api.aisa.one), and its files/instructions match that purpose.
- Guidance: This package will send messages and (optionally) images to AIsa's API (api.aisa.one) using the AISA_API_KEY you supply. Only provide an API key you trust with the data you'll send; avoid sending sensitive secrets or PII through the router. Verify AIsa's data-retention and billing policies before use and ensure you understand which models and providers may incur costs. If you require offline or self-hosted routing, this package is not suitable without code changes.
Review Dimensions
- Purpose & Capability: ok. Name/description state this is an AIsa-backed LLM router. The package files (openclaw.plugin.json, SKILL.md, and the Python client) all declare and use AISA_API_KEY and call api.aisa.one. Requested credential and bundled client code are appropriate for the stated purpose.
- Instruction Scope: ok. SKILL.md and the included Python script limit runtime actions to CLI use and HTTP calls to the AIsa API (chat, vision, models, compare). Guardrails explicitly forbid requesting extra credentials. The instructions reference only repo-relative scripts and the declared env var.
- Install Mechanism: ok. No install spec is provided (instruction-only wrapper plus bundled scripts); code is shipped in-repo. No external downloads or archive extraction are performed by the package files, so there is low install risk.
- Credentials: ok. Only AISA_API_KEY is required and is used by the bundled client to authenticate to api.aisa.one. There are no unrelated environment variables, credentials, or config paths requested.
- Persistence & Privilege: ok. The skill does not request always:true, does not modify other skills, and relies on a normal API key config. Agent autonomy is default but not combined with elevated privileges here.
