ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Astrai Inference Router

v1.0.1

Route all LLM calls through Astrai for 40%+ cost savings with intelligent routing and privacy controls

2· 734·0 current·0 all-time
by@beee003

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for beee003/astrai-inference-router.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Astrai Inference Router" (beee003/astrai-inference-router) from ClawHub.
Skill page: https://clawhub.ai/beee003/astrai-inference-router
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: ASTRAI_API_KEY, ANTHROPIC_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install beee003/astrai-inference-router

ClawHub CLI

Package manager switcher

npx clawhub@latest install astrai-inference-router
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims BYOK (you keep provider keys) and local PII stripping, but plugin.py packages and sends provider keys to Astrai in the X-Astrai-Provider-Keys header, which contradicts the 'tokens stay with you' claim. The registry also lists ANTHROPIC_API_KEY as required while the code only requires at least one provider key — requiring a specific provider key (Anthropic) in metadata is inconsistent with the code and description.
!
Instruction Scope
SKILL.md asserts PII is stripped locally (enhanced/max modes) and that zero retention/EU routing can be enforced locally, but the plugin's intercept_request does not perform any PII stripping, redaction, or local enforcement — it merely sets headers and base_url. The runtime instructions therefore promise behaviors not implemented in the code, giving the agent broad discretion but no implemented safeguards.
Install Mechanism
No install spec (instruction-only) and no remote download/install steps are present, so the skill does not perform an installation that writes or executes additional artifacts beyond its included plugin.py. This lowers supply-chain installation risk.
!
Credentials
The skill requests ASTRAI_API_KEY (expected) and the registry lists ANTHROPIC_API_KEY as required (not justified by the code). The plugin requires at least one provider key and then transmits any found provider keys to Astrai — sending sensitive API keys for multiple providers to a third party is a significant privacy/credential-exposure action that is not proportionate to the claimed local-BYOK semantics.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and stores no credentials itself (it reads env vars). There is no evidence it gains persistent elevated privileges on the host.
What to consider before installing
Do not install or provide provider API keys until these contradictions are resolved. Specifically: (1) Ask the author to explain and document whether provider API keys are transmitted to Astrai and why — X-Astrai-Provider-Keys in plugin.py clearly sends them. If you want BYOK, keys must never be uploaded. (2) Ask for a concrete implementation (and tests) of the claimed local PII stripping; the current code does not perform any redaction. (3) Clarify why the registry requires ANTHROPIC_API_KEY when the plugin accepts any provider key — this mismatch may lead to unnecessary key exposure. (4) If you must test, only set ASTRAI_API_KEY in a throwaway account and do not set real provider keys; audit network traffic to confirm what is transmitted. (5) Prefer installing only after reviewing the upstream repo and confirming a privacy policy and server-side handling (retention, storage of keys). Because this skill transmits other providers' keys and claims protections that are not implemented, treat it as potentially exposing credentials and sensitive prompts until those issues are corrected.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Clawdis
EnvASTRAI_API_KEY, ANTHROPIC_API_KEY
Primary envASTRAI_API_KEY
latestvk97awygyzemzcv2a6akm9edb9h819btn
734downloads
2stars
2versions
Updated 3h ago
v1.0.1
MIT-0
@beee003
latest
Download

Astrai Inference Router

Route every LLM call through Astrai's intelligent router. Save 40%+ on API costs. Privacy controls built in.

What it does

  • Smart routing: Classifies each task (code, research, chat, creative) and picks the optimal model
  • Cost savings: Bayesian learning finds the cheapest provider that meets your quality threshold
  • Auto-failover: Circuit breaker switches providers when one goes down
  • PII protection: Personally identifiable information stripped before reaching any provider
  • EU routing: GDPR-compliant European-only routing with one setting
  • Budget caps: Set daily spend limits to prevent runaway costs
  • Real-time tracking: See exactly how much you're saving per request

Setup

  1. Get a free API key at as-trai.com
  2. Set ASTRAI_API_KEY in your environment or skill config
  3. Choose your privacy mode (default: enhanced)
  4. Done — all LLM calls now route through Astrai

Privacy Modes

  • standard: Full routing intelligence, normal logging
  • enhanced: PII stripped, metadata-only logging, region enforced
  • max: Zero data retention, EU-only, all PII stripped, no prompt logging

Environment Variables

VariableRequiredDescriptionDefault
ASTRAI_API_KEYYesYour API key from as-trai.com
PRIVACY_MODENostandard, enhanced, maxenhanced
REGIONNoany, eu, usany
DAILY_BUDGETNoMax daily spend in USD (0 = unlimited)10

External Endpoints

EndpointPurposeData Sent
https://as-trai.com/v1/chat/completionsLLM inference routingPrompts (with PII stripped if enhanced/max mode)
https://as-trai.com/v1/signupFree API key registrationEmail address

Security & Privacy

  • All requests authenticated via API key in Authorization header
  • PII stripping runs locally before any data leaves your machine (enhanced/max modes)
  • EU routing mode ensures prompts never leave European infrastructure
  • Zero data retention available in max privacy mode
  • No credentials are stored by the skill — only your API key in environment variables
  • Source code is fully open: github.com/beee003/astrai-openclaw

Model Invocation

This skill intercepts outgoing LLM API calls and reroutes them through the Astrai gateway. The gateway selects the optimal provider and model based on task type, cost, and quality. Your prompts are processed by third-party LLM providers (Anthropic, OpenAI, Google, Mistral, etc.) according to your region and privacy settings.

Pricing

  • Free: 1,000 requests/day, smart routing, failover
  • Pro ($49/mo): Unlimited requests, EU routing, PII stripping, analytics
  • Business ($199/mo): Multi-agent dashboards, compliance exports, SLA

Comments

Loading comments...