Mixture of Agents
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to do what it says—send your question to OpenRouter models for a synthesized answer—but it uses an OpenRouter API key, shares prompts with an external provider, and includes one extra demo script that would run a hard-coded paid query if executed.
Install only if you are comfortable sending prompts to OpenRouter and paying for several model calls per query. Use a dedicated API key with limits, avoid confidential prompts unless the provider terms are acceptable, and run the documented scripts/moa.js entrypoint rather than the included moa-paid.js demo script.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Invoking the skill can bill the user's OpenRouter account and use the user's API quota.
The script uses a local OpenRouter API key to authorize model requests. This is expected for the skill's purpose, but it gives the skill access to a paid provider account.
const OPENROUTER_API_KEY = process.env.OPENROUTER_API_KEY; ... "Authorization": `Bearer ${OPENROUTER_API_KEY}`Use a dedicated OpenRouter key with spending limits if available, and monitor usage.
Sensitive questions or confidential data included in prompts may be transmitted to OpenRouter and underlying model providers.
The user's prompt is sent to OpenRouter models, and the returned model outputs are then sent to an aggregator model. This is the core disclosed workflow, but it means prompt content leaves the local agent.
messages: [{ role: "user", content: prompt }] ... RESPONSES FROM ${successCount} MODELS:Avoid sending secrets, private customer data, or regulated information unless OpenRouter's data handling terms fit your needs.
Running this particular helper script could spend a small amount of API credit on a built-in demo prompt unrelated to the user's current task.
This extra script runs a hard-coded paid query immediately when executed instead of waiting for user input. It is not the manifest entrypoint, but accidental execution would still make OpenRouter calls.
const prompt = `What web2 services ... Arweave and Filecoin ...`; ... runMoA(prompt).then(result => {Use the documented entrypoint scripts/moa.js for normal use; maintainers should add a require.main guard or remove/clearly label the demo script.
The skill may fail unless axios is already available, or users may need to install a package outside the provided artifact set.
The code depends on axios, but the provided install specifications say there is no install spec. This is not malicious by itself, but dependency requirements are not fully captured in the install metadata.
const axios = require('axios');Prefer a package manifest or install spec that pins and declares runtime dependencies.