Back to skill
Skillv2.0.0
VirusTotal security
Evolink Router — Smart LLM Routing (Claude, GPT, Gemini, DeepSeek, Kimi) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:01 AM
- Hash
- fc85478b897b9c1d15dafbd6064ec7fde1215d276f8d21437af7fc6468792cb1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: oc-skill-router Version: 2.0.0 The skill is classified as suspicious due to its broad permissions and inherent risks, despite lacking explicit malicious intent. The `SKILL.md` and `references/router-api-params.md` instruct the OpenClaw agent to configure itself with `spawn: ["*"]` permissions, allowing it to spawn any other registered agent. Furthermore, `references/cascade-examples.md` explicitly details tasks for spawned sub-agents that involve file system read/write operations (e.g., "读取 /data/sales-q2.csv", "在 /src/components/Sidebar.tsx 实现...") and command execution (e.g., "运行 TypeScript 编译检查"). While these capabilities are central to the skill's stated purpose of routing and task delegation, they create a significant attack surface for prompt injection, potentially leading to arbitrary file operations or remote code execution if user input is not adequately sanitized before being passed to spawned agents.
- External report
- View on VirusTotal