Llmrouter

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed LLM routing proxy skill with expected credential, network, and optional background-service behavior.

Before installing, review the upstream repository and requirements, keep provider keys or OAuth tokens out of shared files and repos, restrict config.yaml permissions, monitor provider billing, keep the proxy bound to localhost unless you intentionally expose it, and enable the LaunchAgent only if you want the router running continuously.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 83% confidence
Finding: The documentation explicitly instructs users to place API keys or OAuth tokens in a local config file and then use those credentials to operate the router, but it provides no warning about secure storage, file permissions, secret redaction, or avoiding accidental commits. In a skill that proxies LLM traffic and may be run as a long-lived local service, this increases the chance of credential leakage through config files, logs, backups, or shell history.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal