Auto Model Router
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s model-routing purpose is clear, but it tells the agent to run missing, unreviewed Python helper scripts on nearly every substantive task while passing user task text and API-key-backed access through them.
Review carefully before installing. The concept is reasonable, but the package does not include the Python scripts it asks the agent to run. Do not provide API keys or enable the router mode until you can inspect the actual installed helper scripts and confirm they safely handle prompts, credentials, and routing data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Most meaningful requests may be routed through this skill instead of being handled directly by the current agent/model.
The skill intentionally tries to route most substantive tasks through itself. That matches its stated purpose, but users should understand it changes normal task handling broadly.
ALWAYS activate this skill at the start of a new task or when the user asks a substantive question.
Install only if you want automatic model routing for broad task categories, and consider disabling or invoking manually if you prefer per-task control.
If executed through a shell with unsafe substitution, unusual task text could break argument boundaries or cause unintended command behavior.
The skill instructs automatic command execution with user-controlled task text as a command argument, but does not provide escaping, sanitization, or approval guidance.
`python3 ~/.claude/skills/auto-model-router/scripts/call_model.py "<category>" "<user task text>"`
Use a reviewed helper with structured argument passing, escape user input safely, and require user confirmation before first use or when routing sensitive content.
The agent may attempt to run absent or locally supplied code that was not included in the reviewed package, while passing it task text and potentially provider credentials.
The skill relies on helper scripts such as `recommend.py`, `call_model.py`, `feedback.py`, and `update_route.py`, but the supplied manifest says this is an instruction-only skill with no code files or install spec, so the executable helpers were not available for review.
`python3 ~/.claude/skills/auto-model-router/scripts/recommend.py "<user task text>" "<USER_ID>"`
Do not rely on the skill until the referenced scripts are shipped in the package, pinned to a known source, and reviewable; verify the installed files before granting API keys.
Providing these keys gives the routing helper access to call the corresponding AI providers under your account.
The skill declares several optional provider credentials. This is expected for a model router, but these are sensitive account keys.
`ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `DEEPSEEK_API_KEY`, `MINIMAX_API_KEY`, `GOOGLE_API_KEY`, `AUTO_MODEL_ROUTER_API_KEY`
Use least-privilege keys where possible, set only the providers you actually need, and avoid installing until the helper code that uses the keys is reviewable.
If you configure a router URL, your prompts and feedback metadata may be visible to that router service.
Mode B sends task content to a user-configured router service for model selection and feedback learning. This is disclosed and optional, but data handling depends on that router.
Task text and an anonymous session ID are sent to the router at `AUTO_MODEL_ROUTER_URL`.
Use Mode B only with a router you control or trust, and do not send sensitive prompts unless you understand its logging, retention, and access controls.
