Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
chitin-core
v1.0.0
Selects the most cost-effective capable model for tasks, handles rate limit failures gracefully, and supports tier overrides and health checks.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
router.js and provider-sync.js implement model routing, tier logic, failover, health and cost tracking — consistent with the name/description. However, the skill implicitly requires access to provider APIs and the user's OpenClaw config (process.env, ~/.openclaw/openclaw.json, and ~/.openclaw/workspace/.secrets) even though the registry metadata declares no required env vars or config paths.
Instruction Scope
SKILL.md documents using scripts/router.js (route/fail/health/etc.) which is in-scope, but it omits mention of the provider-sync script that will query provider APIs and can update config.json and send Telegram notifications. The runtime code reads/writes files under the user's home (~/.openclaw), including openclaw.json and a persistent state file, and will consult .secrets for API keys — actions not described in SKILL.md.
Install Mechanism
Instruction-only skill with no install spec; nothing is automatically written to disk by an installer. The risk comes from runtime file I/O performed by the shipped scripts, not from an installer or remote downloads.
Credentials
Provider-sync expects API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, OPENROUTER_API_KEY) via environment variables or fallback files, but the registry metadata lists no required env vars. Additionally, provider-sync contains a hardcoded Telegram bot token and chat ID, and references a remote Ollama Forge host IP — these are unexpected for a routing helper and could lead to external network activity.
Persistence & Privilege
Skill is not always:true and does not autonomously register itself in the registry, but its scripts write persistent state to ~/.openclaw/workspace/memory/modelrouter-state.json and can update config.json in the skill directory. README suggests a cron schedule for provider-sync (runs nightly), implying persistent external network activity if enabled.
Scan Findings in Context
[hardcoded-telegram-bot-token] unexpected: provider-sync.js and README contain a hardcoded Telegram bot token and chat id (Bot token: 8547915559:AAGqJlIiflFVBayXwT5GS5DsWyBTW_vlfw8, Chat ID: 1156712793). Hardcoded tokens are unexpected and route notifications to an external bot; not declared in metadata.
[reads-secret-files] expected: provider-sync.js attempts to load provider API keys from environment variables and falls back to ~/.openclaw/workspace/.secrets files. For a provider-sync that queries provider APIs, having API keys is expected, but the skill metadata did not declare these requirements.
[reads-openclaw-config] expected: router.js reads ~/.openclaw/openclaw.json to discover available providers and will store state in ~/.openclaw/workspace/memory/modelrouter-state.json. This is consistent with runtime needs but was not declared in required config paths.
[hardcoded-ollama-forge-ip] unexpected: README and provider-sync reference an Ollama Forge host at 100.118.158.58:11434. Contacting an embedded external IP is unexpected and should be reviewed.
What to consider before installing
- This skill's code matches its stated routing functionality, but it expects provider API keys (Anthropic/OpenAI/OpenRouter) via environment variables or ~/.openclaw/workspace/.secrets even though the registry declares none. If you don't want it to use your provider credentials, do not supply those env vars or secret files.
- provider-sync.js contains a hardcoded Telegram bot token and chat id that will send notifications to an external bot. If you run provider-sync (manually or scheduled), either remove/replace the hardcoded token or disable Telegram notifications.
- The sync script references a remote Ollama Forge IP; audit any network endpoints before enabling automated sync/cron jobs.
- The router script reads and writes files under ~/.openclaw (openclaw.json, memory state) — review those paths and back up configs if needed.
- Recommendation: review the two shipped scripts (provider-sync.js and router.js) line-by-line in a safe environment. If you plan to run provider-sync automatically, consider running it in dry-run mode first, remove hardcoded tokens, and restrict network access to only the providers you trust.
- If you lack the ability to audit code, treat this skill as untrusted and avoid running provider-sync or supplying provider credentials.
