Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Which LLM? Deterministic model selection for agents
v1.0.18Deterministic decision-ranking API with HTTP 402 payments and outcome credits.
⭐ 0· 1.7k·2 current·3 all-time
by@zapkid
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill purpose (deterministic model-selection via a Which‑LLM API) matches the SKILL.md and skill.json content: endpoints, pricing, and a payment flow. However, registry metadata provided to you earlier lists no required credentials, while both SKILL.md and skill.json declare credentials_required: true and primary_credential: WALLET_CREDENTIALS. That mismatch is an inconsistency that should be clarified.
Instruction Scope
The runtime instructions are narrowly scoped to outbound HTTPS calls to api.which-llm.com and handling HTTP 402 payment flows. The skill does not instruct reading arbitrary host files or other system resources. However, it repeatedly requires that the 'AI bot needs access to a crypto wallet' for paid calls without specifying how wallet access or signing is to be performed — this ambiguity increases risk because it could lead to insecure handling of private keys or unclear operational behavior.
Install Mechanism
This is instruction-only with no install spec, no downloads, and no code written to disk — the lowest-risk install mechanism. There are no suspicious install URLs or extracted archives.
Credentials
Requiring WALLET_CREDENTIALS is proportionate to a paid HTTP 402 model, but the skill declares 'sensitivity: high' and 'credentials_required: true' while the registry metadata you were shown earlier claimed no required env vars — an unexplained discrepancy. 'WALLET_CREDENTIALS' implies access to private keys or signing capability (high privilege). The skill does not explain whether the wallet must be fully exposed to the skill, if signing should happen via a host-managed signing service, or whether ephemeral signing tokens can be used. That ambiguity can lead to over-sharing highly sensitive secrets.
Persistence & Privilege
The skill is not always-on, does not request to modify other skills or system settings, and does not write to disk on install. Invocation and approval policies in skill.json indicate per-request approval is expected, which reduces risk if enforced by the host.
What to consider before installing
Before installing or enabling this skill: (1) Clarify the WALLET_CREDENTIALS requirement — ask the publisher how the wallet is used and whether signing can be performed by a host-managed signer (so private keys are never exposed to the skill). (2) Do not place private keys or raw seed phrases in environment variables accessible to third-party skills; prefer an external signing service or hardware-backed wallet. (3) Verify the payment addresses and the which-llm.com endpoints across independent sources (DNS, HTTPS, ENS TXT records) as the skill itself recommends — do not send funds until you have independently confirmed recipients. (4) Ensure your host enforces per-request user approval for outbound network calls and payments. (5) Ask the maintainer to resolve the metadata mismatch (registry metadata vs SKILL.md/skill.json) — that inconsistency should be fixed before trusting the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk9775qvvc47ef2yk483w4b6nts82n94h
License
MIT-0
Free to use, modify, and redistribute. No attribution required.