Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Smart Router

v1.0.0

Automatically routes AI requests to cost-optimal models based on task complexity and budget, saving 30-50% on model expenses with adaptive learning.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code, docs, and hooks match the advertised purpose: analyzing request complexity, selecting models, learning patterns, and tracking costs. Required binary ('node') and npm dependencies (better-sqlite3, express, commander) are consistent with a local router + dashboard + DB. One mismatch: SKILL metadata declared no required config paths, but implementation intends to create and use a local DB and config under ~/.openclaw/openclaw-smart-router (documented in README/DATABASE-IMPLEMENTATION). This is not catastrophic but should be explicit.
Instruction Scope
SKILL.md and the hook files explicitly intercept every request (request-before hook), analyze prompt/context, and modify the model selection before calls — so the skill will see the content of all proxied prompts/contexts and provider usage data. That is coherent for a router, but the instructions also state 'Agent can autonomously pay via x402 without human approval' and provide CLI commands to subscribe and trigger payments. Allowing an agent to autonomously create/complete payment transactions increases operational and financial risk and expands the scope beyond mere routing/analytics.
Install Mechanism
No external download URLs are used; code is packaged with package.json and standard npm dependencies. There is no install script that pulls arbitrary remote binaries. Installation is typical for a Node skill (npm + local setup). The skill will create local files (DB, config) and start an Express dashboard — these are expected but should be noted by operators.
Credentials
The skill declares no required environment variables or primary credential, which is consistent with the manifest, but it integrates x402 payments and references an agent wallet (agentWallet) for quotas/payments. The mechanism for actually signing/transmitting payments is not clear in the provided materials: no credential request is declared, so it likely relies on platform-level agent wallet capabilities. That design is plausible but raises proportionality questions: a routing utility enabling autonomous payments (even at a small recurring amount) should clearly document how payments are authorized, what external endpoints are contacted, and whether any private keys, service tokens, or webhooks are used. The DB and logs will store usage/payment metadata locally; the skill may also record token usage and selection history — acceptable for learning but privacy-sensitive.
Persistence & Privilege
always:false (not force-included) which is appropriate. The skill registers runtime hooks (request:before, provider:after, session:end) so it will be invoked for relevant lifecycle events — normal for this purpose. It persists state in a local SQLite DB and exposes an Express dashboard (default port referenced in docs). The combination of autonomous invocation + payment capability increases blast radius (agents could autonomously trigger recurring payments) — not forbidden, but this is a non-trivial privilege that users should explicitly authorize and audit.
What to consider before installing
What to check before installing:
- Understand privacy: this skill intercepts every request (prompts, context, usage) and stores analysis/metrics locally. If you send sensitive prompts, review what the code stores and logs.
- Review payment behavior: the skill advertises x402 agent payments and states agents can pay for Pro without human approval. Inspect src/x402.js (and any payment-handling code) to see how transactions are initiated and authorized. Confirm whether payments require user-held private keys, platform wallet signing, or external services. If unclear, disable or restrict payment features until you verify the flow.
- Confirm dashboard/server exposure: the code depends on express and runs a dashboard (docs cite http://localhost:9093). Ensure it binds only to localhost or is otherwise firewalled if you don't want external access.
- Review storage location and retention: the skill will create ~/.openclaw/openclaw-smart-router and a SQLite DB. Decide whether that is acceptable and audit what fields (token counts, selection reasons, any text excerpts) are persisted.
- Test in a sandbox: run the skill in an isolated environment to see runtime network calls and what the skill logs/creates. Monitor outbound connections during 'subscribe' or x402 flows.
- Consider limiting autonomy: if your platform allows it, disable autonomous agent payments or require explicit human approval for subscriptions. Also limit which agents are permitted to use this skill until you have confidence in payment authorization and data handling.

Given the explicit autonomous payment capability and persistent hooks over all requests, exercise caution: the skill appears coherent with its stated routing purpose but the payment/financial automation and persistent data collection are notable risk vectors that should be reviewed and constrained if you proceed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a3ht8mmaehg4j7dtgmcsndn810yn7


Runtime requirements

🎯 Clawdis
OS: macOS · Linux · Windows
Bins: node
