Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ToolRoute

v1.0.4

Route every task to the best MCP server and cheapest LLM. Scores on real execution data across quality, reliability, speed, cost, and trust.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md behavior (POST task descriptions to https://toolroute.io to obtain an MCP server/model and optionally report outcome) aligns with the declared purpose of routing tasks to the best server/model. However, the registry metadata claims no required binaries or env vars while the SKILL.md lists curl as a required binary and instructs storing TOOLROUTE_AGENT_ID in an environment variable — an inconsistency that should be resolved by the publisher.
Instruction Scope
Instructions explicitly send natural-language task descriptions and telemetry to an external service. While the doc warns to generalize sensitive details, the skill depends on sending user-provided task text off-host, which can leak secrets if users are careless. The instructions do not request reading local files or other system credentials, which is good, but the allowed data flow to an external endpoint is the main risk.
Install Mechanism
This is an instruction-only skill with no install spec or code files, reducing on-disk risk. It mentions optional npm SDKs (@toolroute/sdk, @toolroute/hook) but does not require them. No downloads or extraction steps are present.
Credentials
Registry metadata lists no required env vars, yet SKILL.md asks users to store a returned agent_identity_id in an environment variable (TOOLROUTE_AGENT_ID). That single env var is plausible for attribution/credits, but the mismatch between metadata and instructions is confusing. The skill does not ask for unrelated secrets (AWS keys, tokens) which is proportional, but the agent ID could still be sensitive and link agent activity to your account.
Persistence & Privilege
The skill does not request always: true and is user-invocable only; autonomous invocation is allowed by default (normal). It does not claim to modify other skills or system-wide configs. No elevated persistence privileges are requested.
What to consider before installing
This skill routes task descriptions to an external service (toolroute.io). Before installing:
1) Confirm the publisher and privacy policy (metadata shows no homepage/source but SKILL.md links to toolroute.io).
2) Do not send raw sensitive text — generalize or redact names, secrets, PII.
3) If you register, treat the returned agent_identity_id as a credential (store it securely and avoid committing it).
4) Prefer using the skill only for non-sensitive tasks until you verify the service (check TLS cert, privacy policy, and reputational signals).
5) Ask the publisher to fix metadata mismatches (declared required binaries/env) so the skill description accurately reflects runtime requirements.

Like a lobster shell, security has layers — review code before you run it.
