Skill v0.1.1

ClawScan security

Auto Model Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 1:17 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (routing tasks to the best model) matches the credentials it lists, but the runtime instructions rely on local Python scripts that are not included, reference a user ID without explaining where it comes from, and allow optional remote router usage that will send user task text to a user-supplied URL — these gaps and mismatches warrant caution and verification before installing.
Guidance
This skill's purpose (automatically choosing models) is plausible, but do not install or run the scripts referenced by SKILL.md until you verify their source. Actionable steps:
- Ask the publisher for the repository or packaged code and review the scripts under ~/.claude/skills/auto-model-router/scripts before running them.
- Do not set AUTO_MODEL_ROUTER_URL to an untrusted server: Mode B will send task text and a session ID to that URL. If you must use a router, host it yourself or inspect the router code.
- Provide API keys only for providers you trust and only as needed. The skill marks them optional — you shouldn't have to supply all keys.
- Resolve metadata mismatches with the publisher (version and the UI's [object Object] display) — metadata inconsistencies could indicate stale or poorly packaged skills.
- If you cannot review the external scripts, treat this skill as untrusted and avoid running the commands that would execute arbitrary Python code on your machine.

Review Dimensions

Purpose & Capability
ok: The name and description (model routing across multiple providers) align with the declared optional API keys for Anthropic, OpenAI, DeepSeek, MiniMax, and Google — those credentials are reasonable for a multi-provider router.
Instruction Scope
concern: The SKILL.md instructs the agent to run several Python scripts under ~/.claude/skills/auto-model-router/scripts/*. No code files are bundled with the skill (instruction-only), so those scripts are not provided by this package. The instructions also require a <USER_ID> value but do not specify where the agent should obtain it. Mode B will send task text (and an anonymous session ID) to the user-provided AUTO_MODEL_ROUTER_URL — this is documented, but it is a clear data-exfiltration surface if the URL points to an untrusted endpoint. Overall the runtime steps assume external/local artifacts and identifiers that are not included or explained.
Install Mechanism
note: There is no install spec (instruction-only), which minimizes what the skill itself writes to disk, but the instructions expect a preinstalled script tree and a setup.py to configure routes. Because no code is bundled, you must obtain and inspect those scripts separately before running them.
Credentials
note: The declared env vars (multiple provider API keys plus an optional router URL and router API key) are proportionate to a multi-provider model router and are marked optional in the SKILL.md. However, the registry summary shown to the evaluator contained malformed entries (displayed as [object Object]) and the manifest versions differ (registry shows version 0.1.1 while SKILL.md is 0.2.0), indicating metadata inconsistencies that should be resolved.
Persistence & Privilege
ok: The skill is not set to always:true and does not request system-wide config paths. It can be invoked by the agent, which is the platform default; there is no indication it modifies other skills or requires elevated persistence.