Skill v1.6.2

ClawScan security

Friday Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 16, 2026, 10:12 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and declared requirements are consistent with a model-routing/orchestration tool and do not request unexplained credentials or installers.
Guidance
This skill appears to do only model routing and is internally consistent, but before installing you should: (1) inspect the complete scripts/router.py (the provided listing was truncated) to confirm it truly only reads its own config.json and makes no unexpected network calls, shell execs, or reads of global OpenClaw config files; (2) review config.json to ensure model IDs point to trusted providers (OpenRouter entries are expected); (3) confirm your OpenClaw environment already has the OpenRouter API key configured (the skill relies on platform-level credentials rather than asking for them); and (4) note the SKILL.md enforces strict delegation (the main agent must call sessions_spawn and not answer directly), so be comfortable with that runtime behavior. If you want absolute assurance, request a full untruncated copy of router.py and grep for any reads of files outside the skill directory or calls that could leak data.

Review Dimensions

Purpose & Capability
ok
Name/description (model router/orchestrator) aligns with what is present: a routing CLI/library and a local config.json containing model IDs and routing rules. The skill declares it uses OpenRouter model IDs and expects an OpenRouter API key to be configured at the platform level (OpenClaw) — this is consistent with a router that delegates to models via the platform's sessions_spawn API. There are some cosmetic name variants in files (Friday Router, IntentRouter, OpenRouterRouter / Codename: Centipede) but these are presentation differences and do not affect capability.
Instruction Scope
note
SKILL.md strictly instructs the agent to call the included router script to produce JSON spawn parameters and then to call sessions_spawn with the exact model ID; it also enforces not doing the task itself and not exposing gateway secrets. That scope is narrow and consistent with a router. Minor inconsistencies in example paths (python scripts/router.py vs python workspace/skills/friday-router/scripts/router.py) and truncated code in the provided listing prevent a full line-by-line confirmation; you should review the complete router.py to ensure no hidden file reads, network endpoints, or credential accesses beyond the claimed config.json. The SKILL.md’s hard stop on doing the task locally is unusual (behavioral constraint) but coherent with orchestration.
Install Mechanism
ok
No install spec; instruction-only plus a local script file. No downloads, package installs, or archive extraction are present in the manifest — lowest install risk.
Credentials
ok
The skill declares no required environment variables or credentials. It expects the broader OpenClaw environment to have an OpenRouter API key configured (reasonable for a router that delegates to OpenRouter model IDs). The skill also documents that it reads only its own config.json. There are no unrelated secret/env demands in metadata or SKILL.md.
Persistence & Privilege
ok
always is false and disable-model-invocation is false (normal). The skill does not request persistent system-wide privileges or to modify other skills. It appears self-contained and not privileged.