⚠The team behind this tool is not publicly identified. Treat with extra caution — anonymous authorship is a significant trust risk.

ClawRouter

Name: ClawRouter (D) — Security & Privacy Review
Item: ClawRouter
Rating: 1.7
Author: Limpid

LLM API

Overall score: 1.7Reviewed April 19, 2026

ClawRouter routes LLM decisions locally, but every prompt and response you send passes through BlockRun's operator backend — which has enabled OpenAI's data sharing program, meaning your prompts to OpenAI models may be used to train OpenAI. The tool is marketed as a privacy-preserving local router while its own Privacy Policy warns users not to send sensitive or confidential information.

Score Summary

Claim Accuracy2/5

Data & Privacy1/5

Security Posture2/5

Transparency2/5

Key Findings

›Every LLM call routes through BlockRun's operator backend — not directly to providers. The architecture diagram is explicit: Request → ClawRouter (localhost) → BlockRun API → OpenAI/Anthropic/Google/etc. BlockRun's Privacy Policy confirms it collects 'API requests and responses (prompts and completions)' and retains API logs for 30 days — source: https://github.com/BlockRunAI/ClawRouter (Architecture section), https://blockrun.ai/privacy.
›BlockRun has enabled OpenAI's data sharing program to receive complimentary daily tokens. The Privacy Policy states: 'Your prompts and completions sent to OpenAI models may be used by OpenAI to improve their models,' and explicitly warns: 'Do not send sensitive, confidential, or proprietary information to OpenAI models.' This is buried mid-page and not disclosed in the ClawRouter README — source: https://blockrun.ai/privacy.
›Installation is via a curl-piped shell script from blockrun.ai (curl -fsSL https://blockrun.ai/ClawRouter-update | bash). This gives a remotely-hosted script immediate root-equivalent execution on the user's machine. Users cannot inspect the script before execution using this pattern — source: https://github.com/BlockRunAI/ClawRouter (README Quick Start).
›The wallet private key is stored in plaintext at ~/.openclaw/blockrun/wallet.key. The README recommends chmod 600 but does not enforce this. The OpenClaw security scanner flags ClawRouter for 'env-harvesting' (reads private key + makes network calls); the README explains this as expected x402 protocol behavior, which is architecturally correct — but it means the tool necessarily combines private key access with outbound network calls — source: https://github.com/BlockRunAI/ClawRouter (README Troubleshooting).
›The headline claim 'save 78%' in the repository title conflicts with the body's own arithmetic, which shows a blended average of $3.17/M vs $75/M for Claude Opus — a 96% reduction. Neither figure is supported by a linked reproducible benchmark; both are theoretical distributions claimed by the project — source: https://github.com/BlockRunAI/ClawRouter (README Cost Savings table).