LLM Council Router

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill does what it says: it sends prompts to LLM Council for model routing, with the main risk being external sharing of prompt content.

Install only if you are comfortable sending routed prompts to LLM Council, and to OpenRouter if you use the chaining example. Avoid routing secrets, private documents, regulated data, or proprietary prompts unless you have reviewed those services' data handling terms. Use dedicated API keys and monitor quota usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium, 88% confidence
The skill is marked user-invocable and described broadly as routing any prompt to the best-performing LLM, which can cause it to activate for ordinary conversation rather than only explicit model-selection requests. That broad trigger surface matters because activation sends user content to an external routing service, increasing unintended data disclosure risk.

Vague Triggers

Medium, 91% confidence
The 'When to use this' guidance includes vague automatic-use conditions like 'when you need to decide which LLM to use,' which encourages background invocation without an explicit user request. In this skill, that ambiguity is dangerous because invoking it transmits the user's prompt to third-party services.

Missing User Warnings

Medium, 96% confidence
The documentation instructs sending the user's query to LLM Council and then to OpenRouter but does not include a prominent user-facing warning that their prompt will be transmitted to external services. This omission can lead to silent exfiltration of sensitive prompts, credentials, proprietary data, or regulated information.

VirusTotal

66/66 vendors flagged this skill as clean.