Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Model Router
v1.1.0
A comprehensive AI model routing system that automatically selects the optimal model for any task. Set up multiple AI providers (Anthropic, OpenAI, Gemini, Moonshot, Z.ai, GLM) with secure API key storage, then route tasks to the best model based on task type, complexity, and cost optimization. Includes interactive setup wizard, task classification, and cost-effective delegation patterns. Use when you need "use X model for this", "switch model", "optimal model", "which model should I use", or to balance quality vs cost across multiple AI providers.
⭐ 5· 3.5k·39 current·42 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (model routing across multiple providers) matches the provided code and docs: a local classifier and an interactive setup wizard that stores provider API keys and writes routing config. However the SKILL.md claims "Encrypted at rest" as a storage feature; the code only writes a plaintext file (~/.model-router/.api-keys) with file permissions 600 and does not perform encryption itself. That claim is therefore an overstatement dependent on the user's OS-level encryption, not implemented by the skill.
Instruction Scope
Runtime instructions are confined to local actions: run the setup wizard, run the classifier, and use an external sessions_spawn tool to spawn model sessions. The setup wizard collects API keys (hidden input) and writes them to ~/.model-router/.api-keys; the classifier performs only local keyword matching. The SKILL.md tells users to never commit keys and to use env vars in production. No instructions attempt to read unrelated system files or network-exfiltrate keys, but the skill does create a plaintext keys file (expected for purpose but notable). The docs also reference an external CLI (sessions_spawn) not provided by the skill.
Install Mechanism
No install spec is present; this is an instruction-and-script-only skill. Nothing is downloaded or executed automatically beyond the included Python scripts. This lowers risk compared to remote installers.
Credentials
The skill requests no declared environment variables and no primary credential. It does, however, store provider API keys in ~/.model-router/.api-keys under names like PROVIDER_API_KEY and optionally PROVIDER_BASE_URL. That is proportionate to the stated purpose (it must hold API keys to call providers), but storing keys in a plaintext file (even with 600 perms) may be weaker than users expect given the SKILL.md's claim of "Encrypted at rest."
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It only writes to its own directory (~/.model-router) and its own config files. It does not modify other skills' configs or claim broad system access.
What to consider before installing
- The included scripts implement a local classifier and an interactive setup wizard that saves your provider API keys to ~/.model-router/.api-keys (format: KEY=VALUE). The wizard hides input when you type the key and sets file permissions to 600, which is reasonable but not the same as encrypting keys.
- SKILL.md states "Encrypted at rest (via OS filesystem encryption)" — the skill does NOT encrypt keys itself. That statement only applies if your system already uses disk encryption. If you need stronger protection, use a platform secret store (OS keyring, HashiCorp Vault, cloud secret manager), or modify the scripts to encrypt the keys before writing.
- The skill does not declare any environment variables or remote installers and the code does not contain network/exfiltration logic. Still, verify that the sessions_spawn tool or other external CLIs it expects are genuine and available on your system before running sample commands.
- Do not commit ~/.model-router/.api-keys or config.json to version control. Rotate keys after setup as the documentation advises.
- If you want higher assurance, inspect the scripts locally (they are small and readable) and consider replacing plaintext key storage with an encrypted keystore or using environment variables / secrets manager for production deployments.
Summary recommendation: the skill appears to be what it claims, but contains a misleading storage claim and uses plaintext key files—treat it cautiously (review or harden key storage) before trusting it with production API keys.
Like a lobster shell, security has layers — review code before you run it.
