ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ZeroAPI Model Router

v3.1.0

Route tasks to the best AI model across paid subscriptions (Claude, ChatGPT, Codex, Gemini, Kimi) via OpenClaw gateway. Use when user mentions model routing,...

0· 989·0 current·0 all-time
by@dorukardahan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and SKILL.md consistently describe a multi-provider model router that relies on OpenClaw to handle API connections; requiring access to OpenClaw agent config (`agents`) is appropriate. However the registry metadata claims either the `openclaw` or `claude` binary must exist — the SKILL.md explicitly says OpenClaw handles API connections, so requiring a `claude` binary as an alternative is surprising and likely unnecessary for the stated purpose.
!
Instruction Scope
The SKILL.md instructs the agent (and user) to perform sensitive operations: run interactive OAuth flows in tmux, capture and extract OAuth URLs and redirect responses, instruct the user to send those redirect URLs via third‑party messaging (WhatsApp/Telegram/Discord), run Python scripts that extract tokens from per-agent auth-profiles and write them into global `openclaw.json`, and restart the OpenClaw gateway service. These steps require reading and writing sensitive token files under $HOME/.openclaw and transmitting auth material over external channels — behaviors that extend beyond simple routing logic and introduce a high-risk handling surface for credentials.
Install Mechanism
There is no install spec and no code files to execute; the skill is instruction-only. That minimizes supply-chain risk because nothing will be downloaded or installed by the SKILL itself.
!
Credentials
The skill declares no required environment variables or primary credential, yet its runtime guidance expects access to multiple on-disk credential locations (`credentials/oauth.json`, `openclaw.json`, `agents/*/auth-profiles.json`) and to perform writes to them. Asking an agent to read/write other agents' auth profiles and to sync tokens globally is a high-privilege action not represented in the declared requirements; the SKILL.md thus requests access to sensitive secrets beyond what the registry metadata communicates.
Persistence & Privilege
The skill does not request always:true. However its instructions direct modifying OpenClaw config files and restarting the OpenClaw gateway service (`systemctl --user restart openclaw-gateway.service`) — operations that change runtime authorization state and affect other agents. While these actions are explainable for headless OAuth and token sync, they are powerful and should be executed only with explicit user consent and careful backup.
What to consider before installing
This skill is plausibly a legitimate multi-model router, but it includes sensitive operational steps around OAuth and token management that you should treat carefully. Before installing or using it: (1) Confirm why the metadata lists a `claude` binary as an optional requirement — ask the author if that is needed. (2) Back up your OpenClaw config and credential files ($HOME/.openclaw/openclaw.json, credentials/*, agents/*/agent/auth-profiles.json) before running any sync scripts. (3) Prefer the built-in auto-refresh flow; only use the manual tmux OAuth flow if auto-refresh fails. (4) Never send full OAuth redirect URLs or tokens over untrusted channels; if the skill tells you to relay a URL via WhatsApp/Telegram/Discord, consider performing the OAuth flow locally in a browser on a trusted device instead. (5) Review any Python snippets or restart commands before running them — they will write tokens into config and restart services. (6) If you need stronger assurance, ask the maintainer for a minimal flow that does not require global token writes, or request a code-based skill (so the code can be audited) rather than instruction-only guidance.

Like a lobster shell, security has layers — review code before you run it.

cost-optimizationvk9746kfpr71tj5wkfcef8qvghd80x25clatestvk97bf8g3kakhhw03p052fev9es81ewjqmulti-modelvk9746kfpr71tj5wkfcef8qvghd80x25croutingvk9746kfpr71tj5wkfcef8qvghd80x25csubscriptionvk9746kfpr71tj5wkfcef8qvghd80x25c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
OSmacOS · Linux
Any binopenclaw, claude
Configagents

Comments