Security audit

Auto Model Router

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed model-routing skill consisting of Markdown and JSON configuration, with no executable install code, but users should understand its automatic model-switching behavior.

Install it only if you are comfortable with automatic routing across the configured models and providers. Review the Plan A/Plan B mappings, disable or avoid the API lookup in sensitive environments where possible, and confirm that the platform is not granting unrelated crypto or purchase permissions based on the metadata tags.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability (Medium, 91% confidence)

The skill is presented as a model router, but it also documents automatic sub-agent generation and delegation. That expands the skill from passive routing into autonomous task execution, increasing attack surface and enabling unintended actions under the guise of simple model selection.

Context-Inappropriate Capability (Medium, 94% confidence)

Automatically reloading OpenClaw after saving configuration is a control-plane action that exceeds ordinary routing behavior. Even if intended for convenience, it can modify runtime state without explicit approval, making misconfiguration or abuse more impactful.

Context-Inappropriate Capability (Medium, 88% confidence)

Querying unknown model capabilities via an API introduces undocumented outbound communication and external dependency behavior. This can leak user-supplied model identifiers or related context and allows the skill to perform actions beyond local routing logic.

Missing User Warnings (Medium, 90% confidence)

The setup flow states that configuration is saved and OpenClaw may be reloaded, but the skill description does not clearly warn about these side effects. Missing disclosure is dangerous because users may invoke setup expecting harmless guidance while actually triggering persistent changes and possible service-impacting operations.

Missing User Warnings (Medium, 89% confidence)

The documentation describes querying unknown models through an API without any privacy or data-transmission warning. This omission can mislead users about where their inputs go and create unreviewed data exposure to third parties.

Vague Triggers (Medium, 90% confidence)

The routing rules use very broad keywords and input patterns such as '寫', '生成', '分析', and '全部', which can cause many ordinary requests to be classified into the wrong task category. In an auto-model-router skill, misclassification can systematically send prompts to an unintended model capability or cost tier, reducing safety, predictability, and policy enforcement tied to model selection.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.