← Back to Skills Marketplace
428
Downloads
1
Stars
0
Active Installs
43
Versions
Install in OpenClaw
/install sage-router
Description
Local-first AI model routing for serious agents. One endpoint. Any provider. The router figures out the rest.
Usage Guidance
This package implements a capable local model router, but it includes several convenience features that touch sensitive local state and can expose your router to the Internet. Before installing or running it, consider the following:
- Review grok_sso_proxy.py carefully and decide whether you want the Grok SSO feature: it will read browser cookie DBs by default and can call the Bitwarden CLI (bw) to unlock and fetch stored items. If you don't want that, do not set GROK_SSO_* env vars, do not run the proxy, and do not mount your browser profile or ~/.dario into the container.
- If you deploy the Cloudflare Worker + connector or follow the Cloud Run deployment, be aware you can (if misconfigured) expose your local router publicly. Never deploy provider keys, cookies, or .env files to public Cloud Run or other public clouds; follow the repo's own caution but double-check the commands (the provided Cloud Run script uses --allow-unauthenticated by default).
- Limit mounts: avoid mounting your real ~/.openclaw, ~/.dario, browser profiles, or ~/.ssh into an unvetted image. Instead run in an isolated VM/container and mount only the minimal config you trust.
- Disable autostart features you don't need: set SAGE_ROUTER_DARIO_AUTOSTART=0 and SAGE_ROUTER_BUNDLED_OLLAMA_AUTOSTART=0 if you don't want bundled daemons started.
- Audit env vars and secrets: the repo references analytics and Supabase/Firestore tokens. If you enable analytics mirroring, understand what telemetry is sent and where.
- If you lack time or expertise to audit the code, treat this as untrusted: run it in a disposable environment, or avoid enabling the Grok SSO features and remote tunnel. Ask the author to explicitly list all env vars and side-effects (cookie reading, Bitwarden use, autostart behaviors) in the top-level metadata before using on a machine with sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: sage-router
Version: 3.26.23
The sage-router bundle is a complex AI model routing gateway with several high-risk capabilities. Most notably, 'grok_sso_proxy.py' is designed to read and decrypt browser cookies (specifically from Brave/Chrome) and interact with the Bitwarden CLI ('bw') to retrieve credentials. Furthermore, the bundle includes a remote access tunnel implementation ('edge/cloudflare-ai-tunnel/worker.js' and 'scripts/sage_tunnel_connector.mjs') that allows remote execution of chat completions via WebSockets. While these features are aligned with the stated goal of providing a 'local-first' gateway for various AI providers, the combination of browser data access, credential manager interaction, and remote tunneling represents a broad and risky attack surface without clear proof of malicious intent.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description (model routing, one endpoint) matches the codebase: router.py, provider discovery, and many provider integrations are present and coherent with the stated purpose. However, the package also bundles auxiliary components (grok_sso_proxy, Dario autostart, Ollama autostart, Cloudflare tunnel connector, analytics mirror) that require access to browser cookies, password manager CLI, local files, or remote services. Those capabilities are plausible for convenience features but are not reflected in the registry-level requirements (which list no envs, no required binaries). That mismatch (declared requirements empty vs. many implicit runtime dependencies/privileges) is concerning.
Instruction Scope
SKILL.md and included docs instruct running a user systemd service, mounting ~/.openclaw and optionally ~/.dario and Ollama model dirs, and starting the router. Separate GROK_SSO.md and grok_sso_proxy.py reveal runtime behaviors not obvious from top-level metadata: the proxy can read Chromium cookie DBs, accept cookie JSON files, encrypt/decrypt stored cookies, and call out to the 'bw' (Bitwarden) CLI to unlock and fetch stored credentials. The router also can autostart bundled Dario/Ollama and provides a Cloudflare Worker + connector to expose a remote tunnel. These instructions direct the agent (and the operator) to access/transmit sensitive local state and to set up remote tunnels; that scope goes beyond a simple routing proxy and should be highlighted to users.
Install Mechanism
There is no registry install spec (instruction-only), so nothing automatic is written to disk by the platform. However, the repo includes deployment scripts (systemd unit templates, Dockerfile/docker-compose, Cloud Run deploy script, Cloudflare worker) that, if followed, will create persistent services, mount host config directories (e.g., ~/.openclaw, ~/.dario, ~/.ollama), and (in the GCP script) deploy a public Cloud Run instance with --allow-unauthenticated and service secrets. Those published deployment instructions increase the real-world blast radius if operators follow them without isolating credentials or reviewing what gets mounted or exposed.
Credentials
Registry metadata lists no required environment variables, but the SKILL.md and many files reference many envs and secrets (SAGE_ROUTER_HOME, SAGE_ROUTER_DARIO_AUTOSTART, SAGE_TUNNEL_TOKEN, SAGE_ROUTER_SUPABASE_* and analytics tokens, GROK_SSO_* variables, BW_PASSWORD/BW_SESSION used by grok_sso_proxy). The grok_sso_proxy will call the 'bw' CLI to unlock a Bitwarden vault and read items, and will read browser cookie DBs by default — both of which access high-privilege secrets. Requesting or using these credentials is disproportionate to a minimal model router unless the user explicitly wants the Grok SSO convenience; the top-level skill metadata does not make this explicit.
Persistence & Privilege
The skill does not request 'always: true' and does not itself force inclusion. It does, however, include systemd unit templates and Docker/container deployment guidance that create persistent services under the user's account and persist telemetry and latency stats under ~/.cache and ~/.config by default. That behavior (installing a user service, persisting latency telemetry, autostarting bundled daemons) is normal for a long-running router but increases attack surface and should be done in an isolated environment if users are concerned.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sage-router - After installation, invoke the skill by name or use
/sage-router - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.26.23
Treat Darkbloom as approved decentralized infrastructure in local-first/local-strict routing while continuing to reject centralized APIs and Ollama :cloud models.
v3.26.22
Make local-first/local-strict reject external API providers and only allow local, LAN, or Tailnet endpoints; exclude Ollama :cloud models.
v3.26.21
Match ClawHub listing description to README tagline
v3.26.20
Sync ClawHub listing description and README badge with current README copy
v3.26.19
Document router.py model selection pseudocode in README and refresh listing copy
v3.26.18
Add sagerouter.dev login entrypoint and fix OpenAI-compatible tool call argument formatting
v3.26.17
Update README documentation
v3.26.16
Add Darkbloom provider support and Cloudflare-ready landing page MVP
v3.26.15
Add Ollama Cloud catalog scanning, compatible auto-pull, local Cloud auth fallback, and bundled Ollama Docker startup.
v3.26.8
Bundle Dario in Docker image for Anthropic-compatible requests; add llama.cpp classifier sidecar wiring; expose Dario health status.
v3.26.7
Add an opt-in local Ollama intent classifier for GPU/docker deployments, controlled by SAGE_ROUTER_INTENT_CLASSIFIER_* flags, with docker-compose wiring and health visibility.
v3.26.6
Add SAGE_ROUTER_OPENROUTER_FREE_ONLY to restrict OpenRouter discovery and configured models to :free model IDs only; configured locally for cost control.
v3.26.5
Add structured route-events JSONL telemetry and an analysis script for ranking provider/model performance by intent, latency, and success rate.
v3.26.4
Honor disabled providers during direct and gateway discovery so disabled API-backed providers such as Google are not contacted at startup or routing time.
v3.26.3
Relax incidental OpenClaw tool-definition routing so normal chat with tools present does not produce empty provider chains; keep explicit required tool use routed to tool-capable models.
v3.26.2
Fix OpenClaw streamed tool-chat routing by buffering provider responses into SSE, restore visible-output sanitization/OCR helper ordering, and merge 3.26.x ClawHub updates.
v3.26.1
Add OCR support, NVIDIA NGC provider, SHOW_MODEL_PREFIX feature, glm-ocr non-chat, earlcoin channels no-mention
v3.26.0
feat: dynamic multimodal/vision detection for all models based on name patterns
v3.25.0
feat: add vision capability and multimodal support for GPT-5.4/5.5 models
v3.24.2
Add NVIDIA Cloud auto-discovery config docs
Metadata
Frequently Asked Questions
What is Sage Router?
Local-first AI model routing for serious agents. One endpoint. Any provider. The router figures out the rest. It is an AI Agent Skill for Claude Code / OpenClaw, with 428 downloads so far.
How do I install Sage Router?
Run "/install sage-router" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sage Router free?
Yes, Sage Router is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Sage Router support?
Sage Router is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Sage Router?
It is built and maintained by Earl Co (@earlvanze); the current version is v3.26.23.
More Skills