Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Prompt-Router
v1.0.0基于文本匹配的快速路由引擎,为简单任务提供零 LLM 决策的快速路径。支持中英文混合输入,自动匹配技能/工具,低置信度时降级到 LLM 语义路由。
⭐ 0· 11·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description claim a local text-matching router. However the package includes utilities (fix_skills.py, generate_metadata.py) that modify other skills' SKILL.md files, plus docs/scripts for publishing and auto-PR creation. Automatically editing other skills' metadata and creating PRs/publishing is not strictly required for a routing decision engine and broadens the skill's authority over the agent ecosystem.
Instruction Scope
SKILL.md and other docs instruct collecting route logs (including raw prompts), creating cron jobs for daily/weekly/monthly automated analysis, auto-generating triggers and PRs, and modifying using-superpowers to call the router. The runtime integration script reads skills from a user workspace and returns matched prompt content. These instructions involve reading and writing local skill metadata and persistent logging of user prompts (potentially sensitive), which goes beyond a simple in-memory routing decision.
Install Mechanism
There is no install spec (code is shipped with the skill). That lowers supply-chain risk compared with remote downloads. The code writes/edits files on disk (e.g., SKILL.md in skills dir), which is expected given the provided scripts but still means the package is capable of modifying local files.
Credentials
The skill does not declare required environment variables or credentials, yet the docs and automation reference GitHub/ClawHub/Discord/email actions (creating PRs, publishing, sending alerts). Those operations would require tokens/credentials not declared by the skill. The code also hardcodes Windows-style absolute paths (C:/Users/User/.openclaw/...), meaning it assumes write access to the user's skills/workspace directories and may fail or behave unpredictably on other environments.
Persistence & Privilege
always:false (normal), but the repository includes scripts and docs that create persistent behaviors: scheduled cron jobs, local logs (~/.../output/prompt-router/logs/), and automated trigger updates that write changes to other skills and generate PRs. While these actions are not automatically run on install, the provided automation makes it straightforward to grant the skill lasting capability to modify the user's skills and to collect historical prompts.
What to consider before installing
This package appears to implement a useful local routing engine, but it also contains scripts and documentation that will: 1) collect and persist raw prompts and routing logs (which can contain sensitive data), 2) modify other skills' SKILL.md files (fix_skills.py, generate_metadata.py), and 3) provide automation to create PRs/publish and schedule recurring jobs. Before installing or enabling automated workflows: - Review the code paths that write files (fix_skills.py, generate_metadata.py, scripts/*) and decide whether you trust automatic edits to your skills directory. - Disable or inspect any cron/scheduling steps; do not add cron jobs until you verify behavior. - Check for any functions that perform network actions (create_pr, send_to_discord, send_email, create_issue) and ensure they require explicit credentials and you control them. - If you want the router but not the meta-editing/auto-update behavior, run only the router module (scripts/router.py / scripts/integration.py) and do not run fix/generate/auto-update scripts. - Run the skill in a sandbox or non-production workspace first, and audit the logs directory for sensitive content. If you want, I can point to the exact lines/functions that modify files or log prompts so you can inspect them further.Like a lobster shell, security has layers — review code before you run it.
latestvk974jseydgwfpe3zchfnedkc5x848j8z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.