Cn Api Router

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenClaw model-provider setup helper, but users should handle API keys and third-party model routing carefully.

Use a dedicated provider API key with spending limits, review the generated config.patch before applying it, avoid shared terminals or logged CI sessions when entering keys, and install only if you are comfortable sending future prompts to the configured third-party model provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 90%
Finding
The skill advertises a very broad activation scope, including catch-all language like handling '任何国内 AI 模型接入相关需求' ('any requirement related to integrating domestic AI models'). Overly broad triggers can cause the agent to invoke this skill in situations beyond simple model setup, increasing the chance of inappropriate handling of secrets, configuration changes, or user requests that only loosely relate to provider setup.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document instructs users to configure third-party model providers and includes external API endpoints, but it does not warn that prompts, files, and other conversation data may be transmitted to those providers. In a model-routing/configuration skill, this omission is security-relevant because users may assume the setup is local or privacy-preserving when it is not.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script prints a generated JSON patch containing the raw API key directly to stdout. This can expose the credential through terminal scrollback, shell session recording, CI/job logs, or copy/paste mistakes, especially because the tool is explicitly designed to handle provider secrets.

Missing User Warnings

Medium
Confidence: 96%
Finding
Accepting the API key via a --api-key command-line argument exposes the secret to shell history, process listings, audit tools, and possibly telemetry. In the context of a model configuration helper, users are likely to paste production credentials, so this creates a practical secret-handling weakness.

VirusTotal

66/66 vendors flagged this skill as clean.