Self Hosted Ai
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent self-hosted AI setup guide, but users should verify the external packages and local-network security before processing sensitive data.
This skill appears benign and purpose-aligned for self-hosted AI. Before installing, verify the external packages, run the services on a trusted and firewalled network, and check what the router logs or stores locally before sending sensitive prompts, audio, images, or documents.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package will execute third-party code outside the reviewed skill artifact.
The skill directs the user to install and run an external PyPI package, but the reviewed artifact set contains only SKILL.md and no package source or lockfile.
pip install ollama-herd # Self-hosted AI router from PyPI
herd
herd-node
Verify the PyPI/GitHub project, prefer pinned versions, and install in an isolated environment before using it with sensitive data.
Prompts, images, audio, or documents may be processed by other machines on the local fleet.
The skill describes automatic local-network discovery and routing among machines, but the artifact does not describe authentication, encryption, or trust boundaries for those peer connections.
herd-node # run on each self-hosted machine — auto-discovers the router
Self-hosted devices find each other automatically on your local network.
Use only on trusted networks, restrict the service with firewall rules, and check the upstream documentation for authentication and transport-security options.
Operational logs or routing state may remain on disk after use.
The metadata declares persistent local state and log files, while the visible documentation does not explain what data is retained there or how to clear it.
"configPaths":["~/.fleet-manager/latency.db","~/.fleet-manager/logs/herd.jsonl"]
Review the generated files before processing confidential data and clear or protect the log directory if needed.
Users might assume regulatory compliance or privacy guarantees that depend on their deployment, network controls, logging, and model/package behavior.
The documentation makes broad privacy and compliance claims that are not substantiated by the reviewed artifact.
Self-hosted compliance — HIPAA, GDPR, SOC2 — no third-party data processors
Treat the claims as marketing until you verify the deployment controls, logging behavior, and compliance requirements for your own environment.
