Model Router

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent and purpose-aligned, but it stores AI provider API keys locally and routes tasks to spawned model sessions, so users should review those behaviors before use.

Before installing or running setup, decide which providers you trust, use limited or budget-controlled API keys when available, verify that ~/.model-router is private, and avoid routing sensitive prompts to models/providers you have not approved.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the setup wizard will place AI provider credentials on disk, which could affect billing or account access if the local account or file is compromised.

Why it was flagged

The setup wizard persistently stores provider API keys in a local file. This is expected for a model-router setup, and the code applies restrictive permissions, but API keys are high-value credentials.

Skill content

API_KEYS_FILE = CONFIG_DIR / ".api-keys" ... keys[env_key] = key ... os.chmod(API_KEYS_FILE, 0o600)

Recommendation

Only enter provider keys you intend this skill to use, prefer limited-scope or budget-limited keys where possible, verify ~/.model-router permissions, and rotate keys if you remove or stop trusting the skill.

What this means

Tasks may be processed by different model providers or spawned sessions, which can have different cost, privacy, and retention implications.

Why it was flagged

The intended workflow sends task text to selected model sessions/providers. This is core to the skill, but it means sensitive prompts may leave the current session boundary.

Skill content

Support for 6 major AI providers ... sessions_spawn --task "Debug this memory leak" --model claude-sonnet

Recommendation

Use explicit model choices for sensitive work, avoid routing secrets or regulated data unless the selected provider is approved, and review provider privacy/billing settings.

What this means

Running the wizard executes local code that creates files and stores configuration/API keys.

Why it was flagged

The quick start asks the user to run a local Python setup script. This is disclosed and central to configuration, not hidden execution.

Skill content

python3 scripts/setup-wizard.py

Recommendation

Run the script only from the installed skill directory you intended to use, and inspect the included script first if you are concerned about local credential handling.

What this means

A user could overestimate the protection of the local .api-keys file if their disk or home directory is not actually encrypted.

Why it was flagged

The security section frames stored API keys as encrypted via the operating system. Users should understand this is not application-level encryption by the skill and depends on the user's OS/storage configuration.

Skill content

Encrypted at rest (via OS filesystem encryption)

Recommendation

Treat the key file as sensitive plaintext protected mainly by local account permissions unless you have verified full-disk or filesystem encryption.