Back to plugin

Security audit

ZeroAPI Router

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed setup/configuration helper for ZeroAPI routing, with some persistent configuration and account-linking implications users should understand.

Before installing, confirm you want this skill to manage ZeroAPI routing and write persistent OpenClaw configuration. Review any OAuth account-linking steps, keep provider credentials under your control, and check or back up ~/.openclaw/zeroapi-config.json if you may want to revert routing behavior later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The skill’s trigger conditions are broad enough to activate on generic repo/product questions, not just explicit configuration requests. That can cause unintended invocation of a privileged setup workflow, increasing the chance of unnecessary local inspection, plugin management actions, or config changes when the user only wanted informational help.

Session Persistence

Medium
Category
Rogue Agent
Content
- Qwen Portal OAuth
   - xAI Grok OAuth / SuperGrok when OpenClaw exposes native `xai` device-code or browser OAuth or Hermes exposes legacy `xai-oauth`

5. Write `~/.openclaw/zeroapi-config.json` with:
   - `version`: current plugin version
   - `routing_mode`: `balanced`
   - optional `routing_modifier`: `coding-aware`, `research-aware`, or `speed-aware`
Confidence
86% confidence
Finding
Write `~/.openclaw/zeroapi-config.json` with: - `version`: current plugin version - `routing_mode`: `balanced` - optional `routing_modifier`: `coding-aware`, `research-aware`, or `speed-aware

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.