Back to plugin

Security audit

ModelHunt Model Selector

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: select models using ModelHunt data, estimate costs, and invoke or install models through AI2Apps, with no unrelated credential requests.

This looks internally coherent for a model-selection and inference plugin. Before installing, confirm that you trust the configured endpoints, especially the AI2Apps inference URL, because generated-task prompts will be sent there when the tool invokes a model. Also note that the code logs request bodies and streaming responses, which may include prompts and generated content, so avoid using it with sensitive data unless you are comfortable with those logs. The visible source has some minor documentation/schema mismatches, but they look like functional quality issues rather than hidden unrelated behavior.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:24
Evidence
"default": "http://127.0.0.1:3015"