Is BlockRunAI/ClawRouter safe?
https://github.com/BlockRunAI/ClawRouter
ClawRouter is a legitimate LLM routing plugin that optimizes inference costs by directing requests to appropriate models. The skill operates as a local proxy, implements x402 micropayments using local wallet key signing, and connects to blockrun.ai for payment settlement. No malicious behaviors detected - all network/file accesses are documented operational requirements.
Category Scores
Findings (2)
INFO Wallet key access for payment signing 0 ▶
The skill reads BLOCKRUN_WALLET_KEY from the environment to sign EIP-712 payment transactions for the x402 micropayment protocol. This is required and documented behavior - the private key is used locally for cryptographic signing and never leaves the machine.
INFO Network calls to BlockRun API 0 ▶
The skill makes network requests to blockrun.ai for routing decisions and payment settlement. This is the intended operational behavior documented in the architecture.