Skill Router
Warn
Audited by ClawScan on May 14, 2026.
Overview
The router is mostly coherent local routing code, but the artifacts include a hardcoded PubMed API-key command and privacy claims that understate external API or credential use.
Review before installing. The core router logic appears purpose-aligned, but you should not rely on the stated “all local/no API” privacy claim until the hardcoded PubMed API key is removed, external L0 tools are clearly documented, and any runtime model downloads are pinned or verified.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bundled API key could be exposed, abused, rate-limited, or used without the user realizing an external account credential is involved.
The static scan excerpt shows a hardcoded API key embedded in an executable PubMed lookup template, while the registry declares no required credentials.
"invocation": "exec: curl -s 'https://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi?db=pubmed&retmax=20&api_key=[REDACTED]&term=QUERY' | 然后 efetch 获取详情"
Remove the hardcoded key, use a documented environment variable or user-provided credential, declare the credential requirement in metadata, and provide a no-key fallback where possible.
If the QUERY placeholder is substituted unsafely or invoked automatically for information queries, user input could affect a shell command or trigger external API calls unexpectedly.
The catalog uses a raw shell-style exec/curl template with a user-query placeholder, but the provided artifacts do not show escaping, confirmation, or scoped execution controls.
"invocation": "exec: curl -s 'https://eutils.ncbi.nlm.nih.gov/entrez/eutils/esearch.fcgi?db=pubmed&retmax=20&api_key=[REDACTED]&term=QUERY' | 然后 efetch 获取详情"
Use a structured HTTP client instead of shell templates, URL-encode query parameters, require clear user confirmation for external lookups, and document when L0 tools are invoked.
Users may install or use the skill believing it never calls external APIs or uses credentials, even though included artifacts indicate at least one external API command path.
This privacy claim is materially undercut by the separate tool_catalog.json scan evidence showing an external PubMed API curl invocation with an API key.
Runs entirely locally, with no API calls. The skill index is stored locally and is not sent out.
Revise the privacy section to distinguish local routing from optional external L0 tools, list all network destinations, and disclose credential requirements accurately.
The first run may fetch external model artifacts, so availability and provenance depend on the configured mirror and current upstream model state.
The router can download an embedding model from an external mirror at runtime; SKILL.md does disclose a first-run model download, but the endpoint and model revision are not pinned in the provided artifacts.
os.environ["HF_ENDPOINT"] = "https://hf-mirror.com" ... SentenceTransformer("all-MiniLM-L6-v2")
Document the exact endpoint, pin model/package versions or revisions, and allow users to preinstall or verify the embedding model before use.
