Back to skill
Skillv0.1.1
VirusTotal security
Auto Model Router · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:16 AM
- Hash
- 825adb7b4813f3ac7caf7f8e704b5cc75f8a52ad64fa519d4c439cdc16d5cdfc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-model-router Version: 0.1.1 The skill requests access to multiple sensitive AI provider API keys (OpenAI, Anthropic, etc.) and implements a 'Router Mode' that sends user task text to an external endpoint (AUTO_MODEL_ROUTER_URL). While the documentation claims this is user-configured, the instructions command the agent to 'ALWAYS activate' the skill for every task, effectively intercepting all user input. Because the core logic resides in Python scripts (e.g., call_model.py, recommend.py) that are referenced but not provided in the bundle, the security of the API key handling and the potential for unauthorized data exfiltration cannot be fully verified.
- External report
- View on VirusTotal