Auto Model Router

Security checks across malware telemetry and agentic risk

Overview

This is a documented model-routing skill with expected privacy and control considerations, but no hidden executable, credential request, destructive action, or unrelated behavior was found.

Install only if you are comfortable with automatic model and provider selection. For sensitive prompts, configure an allowlist, disable or limit fallback/sub-agent behavior if the host supports it, and review any runtime implementation before allowing API lookups, config writes, reloads, or paid provider usage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium (89% confidence)
Finding: The documented 'Multi-Agent 分派' (multi-agent dispatch) behavior expands the skill from passive model routing into autonomous sub-agent orchestration. That increases authority and execution scope, creating a larger attack surface for unreviewed prompt propagation, unintended actions, and privilege creep if the host treats the skill as a simple router.

Context-Inappropriate Capability

Medium (92% confidence)
Finding: Automatically saving configuration and reloading OpenClaw grants the skill an administrative workflow beyond its stated purpose. Even if only documented, this normalizes self-reconfiguration behavior that could be abused to alter agent state, activate changed settings without review, or disrupt running sessions.

Context-Inappropriate Capability

Medium (86% confidence)
Finding: The documentation says unknown models may be identified via API, implying outbound network access and data disclosure that are not reflected in the manifest scope. This can expose user-supplied model names, prompts, or metadata to external services and introduces SSRF/privacy/compliance risks if implemented loosely.

Missing User Warnings

Medium (94% confidence)
Finding: The skill explicitly states that model switching does not require asking the user, while routing may send tasks to different providers with different privacy, retention, and jurisdictional properties. Silent provider switching can violate user expectations and organizational policy, especially when tasks contain sensitive code, documents, or media.

Vague Triggers

Medium (91% confidence)
Finding: The trigger patterns for code-generation and adjacent categories are broad enough to match common user phrasing such as '寫' (write), '生成' (generate), or '開發' (develop), which can cause the router to invoke the wrong category or model unintentionally. In an auto-routing skill, misclassification directly affects downstream model selection and can lead to inappropriate tool/model use, reduced safeguards, or unexpected behavior across many requests.

Vague Triggers

Medium (89% confidence)
Finding: The creative-writing category relies on generic verbs like '寫' (write), '編寫' (compose), and '撰寫' (author), which are common across many unrelated tasks, making activation boundaries ambiguous. Because this skill automatically routes tasks, such ambiguity can silently send analytical or coding prompts to a creative-writing path, degrading reliability and potentially bypassing category-specific constraints.

Vague Triggers

Medium (94% confidence)
Finding: Using highly generic image-generation triggers such as '生成' (generate) and '創建' (create) makes this category prone to accidental activation by many ordinary requests unrelated to images. In an automatic router, this can misdirect user tasks to image-capable models or workflows, causing incorrect execution paths, wasted resources, and possible policy mismatches if the wrong modality is selected.

VirusTotal

66/66 vendors flagged this skill as clean.
