Model Router

Pass

Audited by ClawScan on May 10, 2026.

Overview

No malicious behavior is evident, but the included router code appears to be a simulation and real multi-LLM use would have privacy implications.

This skill appears safe from the provided artifacts, but treat it as a prototype rather than a working secure model router. Do not rely on it for critical answers unless real provider calls and model-selection controls are implemented, and avoid sending sensitive information to multiple LLM providers without explicit consent.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users could over-trust the quality or reliability of the output if they believe it is actually consulting multiple live models.

Why it was flagged

The code explicitly says the actual API call is simulated, while the skill description presents it as parallel multi-LLM invocation with result merging. This is not malicious, but users should not assume it provides real ensemble reliability.

Skill content

async def _call_api(self, model: str, prompt: str, **kwargs) -> str:
    """Actual API call (simulated)"""
    # A real implementation needs to integrate each model's own API
    await asyncio.sleep(0.1)
    return f"[{model}] 处理: {prompt[:50]}..."

Recommendation

Treat this as a demo/stub unless real, reviewed provider integration is added and the documentation is updated to match the implementation.

What this means

If real API calls are implemented later, prompts and intermediate model outputs may be shared with several third-party AI providers.

Why it was flagged

The artifact defines multiple external LLM provider endpoints. Although the current implementation does not actually call them, the intended use would send task content and merged context across provider boundaries.

Skill content

LLM_ENDPOINTS = {
    "gpt4": {"url": "https://api.openai.com/v1/chat/completions", "model": "gpt-4"},
    "claude": {"url": "https://api.anthropic.com/v1/messages", "model": "claude-3-opus"},
    "gemini": {"url": "https://generativelanguage.googleapis.com/v1/models/gemini-pro:generateContent", "model": "gemini-pro"},
}

Recommendation

Avoid routing confidential data through this skill unless you understand and accept each provider's data handling terms, and require explicit user choice for models used.