Security audit

Auto Model Router

Security checks across malware telemetry and agentic risk

Overview

This skill is a configuration-only model router that matches its stated purpose, though users should be aware it can automatically send tasks to different model providers.

Review the selected plan before enabling it, especially for sensitive work, because prompts or files may be routed to different providers automatically. Use a limited provider set if needed, check the generated config after setup, and avoid granting unrelated crypto or purchase authority unless OpenClaw separately explains why it is required.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The setup flow says configuration will be saved and OpenClaw reloaded, but it does not clearly warn the user that files under a user config path may be created or modified. Hidden or under-documented writes to persistent configuration can surprise users, overwrite prior settings, and create opportunities for unsafe changes to become durable without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill proposes API-based identification of unknown models without any privacy notice, data-minimization statement, or consent flow. If implemented, this could leak user-provided model names, environment-specific configuration, or usage patterns to third parties without the user's awareness, which is especially sensitive in an agent configuration context.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
The routing rules use very broad keywords and input patterns such as "寫", "生成", "分析", and "快速" across multiple categories, which can cause ambiguous or unintended model selection. In an auto-router skill, misclassification can send prompts to a weaker, less appropriate, or more expensive model, creating reliability and policy-enforcement gaps if downstream safeguards differ by model or modality.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The manifest defines many overlapping categories but provides no explicit conflict-resolution constraints, negative examples, or disambiguation logic. In a model-routing context this increases the chance that ordinary prompts match several categories at once, leading to inconsistent routing behavior that attackers or users can steer by inserting generic trigger words.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.