Skillv1.0.0

ClawScan security

Auto Model Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 7, 2026, 6:22 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: This is an instruction-only skill that is internally consistent with its stated purpose (routing tasks to models); it does not request unexpected credentials or install code, but it assumes existing platform-level model/provider access and the ability to create sub-agents and reload OpenClaw which you should verify before use.
Guidance: This skill appears to do what it claims and contains only configuration and prose — no code is installed. Before enabling it: 1) confirm your OpenClaw environment already has the provider credentials (OpenAI, Anthropic, Google, Zhipu, etc.) it will rely on, since the skill doesn't request them; 2) review and back up your OpenClaw config because the skill may auto-save configs and reload the agent; 3) if you want to limit risk, test in a sandbox agent/account that permits creating subagents and reloading, and verify what permissions those subagents will have; 4) if you require strict auditability, ask the skill author for an explicit runtime flow showing how subagents are created and which endpoints they call.

Review Dimensions

Purpose & Capability: okThe name/description (auto-selecting models by task) matches the provided instructions and config files (8 task categories, Plan A/B/C mappings). No unrelated binaries or secrets are requested and the included config files are coherent with the stated goal.
Instruction Scope: noteSKILL.md stays focused on classification, mapping, and configuration. It does instruct the agent to save config (~/.openclaw/skills/auto-model-router/), auto-reload OpenClaw, and spawn 'sub-agents' for burst tasks — actions that modify agent state and create subordinate agents. Those behaviors are within the skill's purpose but are higher-privilege operations you should be aware of.
Install Mechanism: okNo install spec and no code files to write or execute; this is instruction-only which minimizes install-time risk.
Credentials: noteThe skill declares no required environment variables or credentials (consistent with instruction-only design). However, its runtime behavior assumes access to model/provider endpoints (e.g., 'openai/*', 'anthropic/*', 'google/*', 'zhipu/*') and mentions 'API identification' for unknown models — which implies the agent or platform must already have provider credentials configured. The skill itself does not request unrelated secrets.
Persistence & Privilege: notealways:false and user-invocable:true. The skill will write its own config under the user skill path and ask to reload OpenClaw and create subagents. These are reasonable for this skill's function but represent elevated actions (changing agent state and spawning subagents) that you may want to control or review.