Skill v2.0.0

ClawScan security

Evolink Router — Smart LLM Routing (Claude, GPT, Gemini, DeepSeek, Kimi) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 7:22 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (routing to many LLMs via Evolink) mostly matches its instructions, but it asks the agent to merge config into your OpenClaw config and to enable broad spawn permissions without declaring that config path — this mismatch and the broad runtime privileges are concerning and deserve review before installing.
Guidance
What to check before installing:
1) Confirm Evolink trustworthiness: visit https://evolink.ai and review privacy/billing docs. The skill routes all requests through Evolink; that service will see prompts and could bill usage to the provided API key. If you proceed, create a scoped or separate API key if Evolink supports it.
2) Review and control config changes: the SKILL.md instructs merging changes into ~/.openclaw/openclaw.json (adding provider/models/agents). Back up that file first and manually inspect any JSON you paste in — do not blindly accept an automated merge. The registry metadata did not declare this config path.
3) Limit spawn privileges: the example config uses spawn:["*"]. Consider replacing that with a narrower list of models or denying spawn in your copy of the config if you want to limit what sub-agents can do.
4) Test with minimal scope: initially set the Evolink key with minimal billing limits or a test account and try read-only queries. Avoid sending secrets or sensitive data until you trust the routing behavior. The skill claims Evolink doesn't store requests long-term — verify this in Evolink's policy.
5) Be cautious about automatic file access: examples show the skill reading local files (CSV, project source). Only grant file access when asked for a specific task and verify which files are being read.
6) If unsure, ask for more info: request provenance (who published the skill), a link to the Evolink account/terms, and confirmation that the skill will not overwrite unrelated providers in your OpenClaw config. If the publisher cannot explain the config merge and spawn permissions clearly, treat the skill as higher risk.

Review Dimensions

Purpose & Capability
Note: Name/description match the runtime instructions: the skill routes requests to direct.evolink.ai and uses a single EVOLINK_API_KEY to reach multiple upstream providers. Requesting one Evolink API key aligns with the stated capability. Minor incoherence: SKILL.md instructs modifying ~/.openclaw/openclaw.json (to add provider/models/agents) but the registry metadata declares no required config paths — the skill will ask to write to a user config file that was not declared in the metadata.
Instruction Scope
Concern: SKILL.md's how-to instructions explicitly tell the agent to merge provider and agents entries into ~/.openclaw/openclaw.json (and show spawn: ["*"]) and give many examples that read local files (e.g., /data/sales-q2.csv, /src/components). While reading user files can be legitimate for analysis tasks, the instruction to modify a user config file is a direct write-to-disk action that was not declared. The skill also instructs spawning sub-agents with broad permissions: examples and the provided JSON encourage spawning and reading of files for 'spawn: true' tasks. The doc asserts Evolink 'does not store data beyond request lifecycle' — that is a behavioral claim the skill makes but one that cannot be verified from the instruction-only content.
Install Mechanism
OK: Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or executed by an installer from external URLs.
Credentials
Note: Only one env var is required (EVOLINK_API_KEY), which is proportional to the skill's purpose of proxied model access. However, the skill's instructions involve merging API configuration into the user's OpenClaw config and enabling spawn:["*"] for agents — this amplifies the power of that single credential. Consider whether you want one key to grant access to many upstream providers and to be used by spawned sub-agents.
Persistence & Privilege
Concern: The skill does not set always:true, but it instructs adding a provider and an agent entry into ~/.openclaw/openclaw.json with permissions spawn:["*"] and maxSpawnDepth:2. That persists configuration in the user's OpenClaw config and grants broad runtime spawning privileges to spawned agents. Writing/merging into a user config file is a privileged action and was not declared under required config paths. This combination of persistent config changes + broad spawn permissions increases blast radius if the Evolink key or routing logic is abused.