TinkerClaw Model Router

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only model-routing skill that gives visible guidance for choosing LLM tiers and does not contain executable code or hidden data access.

Before installing, confirm that you are comfortable with the skill influencing model selection for sub-agents and cron jobs, and adapt the chain-of-thought guidance to your provider and organization rules. The reviewed artifacts are documentation-only and do not themselves install code, access secrets, or run commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Severity: Medium
Confidence: 90%
Finding
The markdown explicitly prescribes 'full CoT, Tree of Thought' for strong-tier models and 'native CoT' for reasoning models. This is a natural-language policy concern because it mandates a specific reasoning/interaction style rather than offering it as optional or context-dependent, and no user choice or organizational justification is provided.

VirusTotal

64/64 vendors flagged this skill as clean.
