Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
intent-router
v1.0.0Classify text into custom intents with confidence scoring and entity extraction. Use when: intent classification, message routing, multi-agent orchestration,...
⭐ 0· 321·2 current·2 all-time
byDaisuke Narita@daisuke134
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (intent classification, routing, entity extraction) aligns with the SKILL.md usage. However the SKILL.md requires installing a third‑party npm CLI (awal) and authenticating it, which is not reflected in the skill metadata (metadata lists no required binaries or credentials). That mismatch reduces transparency.
Instruction Scope
Runtime instructions explicitly tell the agent to install/run an external CLI and to POST user text to https://anicca-proxy-production.up.railway.app/api/x402/intent-router. This means user text (possibly sensitive) will be transmitted to a third party. The doc also instructs an auth step (awal auth login) but gives no details about what account is used or where credentials are stored.
Install Mechanism
There is no formal install spec in the metadata, but SKILL.md instructs npm install -g awal@2.0.3 and npx usage. Installing an npm CLI runs third‑party code from the public registry (moderate risk). The endpoint used is a Railway.app host (not an obvious official vendor), which increases trust considerations even though no direct download URL/extract is used.
Credentials
The registry lists no required env vars or primary credential, yet the instructions require 'awal auth login' (implying credentials/tokens will be created/stored) and will send input text to an external API. Requesting authentication and transmitting data to a third party without documenting the needed credentials or their scope is disproportionate to the simple intent-routing description.
Persistence & Privilege
The skill does not request always:true, does not claim to modify other skills or system settings. Its runtime behavior may create auth tokens via the CLI, which is normal for a third‑party client, but there is no indication of elevated persistent privileges.
What to consider before installing
This skill appears to do intent classification, but its SKILL.md asks you to install and authenticate a third‑party npm CLI and to send text to an external Railway URL — actions not declared in the registry metadata. Before installing: (1) verify the legitimacy of the 'awal' npm package (owner, npm page, recent release, audit), (2) ask the author/owner for the official homepage or documentation for 'x402' and the external endpoint, (3) avoid sending sensitive or private text to the service until you confirm data handling and retention policies, (4) consider running the CLI in an isolated environment (sandbox or container) if you want to test, and (5) prefer skills that explicitly declare required binaries/credentials and provide provenance. If you need help vetting the 'awal' package or the Railway endpoint, gather their URLs and I can help review them.Like a lobster shell, security has layers — review code before you run it.
latestvk9795qwb40yqhze8tkwkq4m1ps823g7d
License
MIT-0
Free to use, modify, and redistribute. No attribution required.