Openclaw Llm Router

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw model-routing helper that inspects local model configuration, with no evidence of secret exfiltration, destructive behavior, or hidden persistence.

Install only if you are comfortable with a router inspecting local OpenClaw configuration and provider availability. Review the tier defaults and use manual model overrides or an allowlist if you need strict control over cost or which provider receives your prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs the agent to read local configuration files, inspect environment-derived provider credentials, and probe a local Ollama HTTP endpoint, but the metadata declares no permissions. That creates a transparency and consent gap: users and the platform are not clearly informed that local files, credential-related data, and local network resources may be accessed.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 86%
Finding: The documented behavior overclaims multiple capabilities while also omitting a local network probe to localhost:11434. Description-behavior mismatches are dangerous because they undermine informed consent and trust boundaries, making users more likely to approve a skill without understanding its actual data access or network interactions.

Vague Triggers

Medium
Confidence: 85%
Finding: The README shows invocation phrases that look like normal conversational requests and preference statements, without clear trigger boundaries, so the router skill could plausibly activate during unrelated user messages. In a routing skill that can influence model/provider selection, ambiguous triggers can cause unintended execution, unexpected provider use, cost changes, and accidental disclosure of local model availability context to the skill.

Missing User Warnings

Medium
Confidence: 95%
Finding: The README says the skill automatically reads local OpenClaw configuration and lists provider detection methods based on API keys, but it does not clearly warn users that local configuration and credential presence will be inspected. Even if the skill only checks for configured providers rather than exfiltrating secrets, failing to disclose this behavior undermines informed consent and increases the risk of users exposing sensitive environment details unexpectedly.

Missing User Warnings

Medium
Confidence: 94%
Finding: The skill directs access to local OpenClaw config files and inspection of API-key-related state without a clear warning that sensitive local configuration and credential-adjacent information may be touched. Even if the intent is only to detect presence, such access can reveal provider usage, account setup, file locations, or accidentally expose secrets through logs or outputs.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill advertises a web-search-powered model library update feature without clearly warning that invoking it may contact external services. This can leak usage patterns, model interests, or environment metadata, and may surprise users who expect a purely local routing helper.

VirusTotal

60/60 vendors flagged this skill as clean.
