Skillv1.2.0

ClawScan security

Mixture of Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 21, 2026, 4:52 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill does what it says: it queries OpenRouter models in parallel and synthesizes their outputs; aside from a small metadata inconsistency and a demo script that runs a hard-coded example, nothing in the package is disproportionate or unexpected.
Guidance: This skill is coherent and appears to be what it claims: it needs an OpenRouter API key and will send your prompts (and the model responses) to openrouter.ai. Before installing, (1) confirm you are comfortable sending query text and any sensitive context to OpenRouter, (2) set OPENROUTER_API_KEY only with a key scoped/rotatable for this use, (3) inspect scripts/moa-paid.js (it contains a hard-coded demo prompt and runs immediately if executed), and (4) avoid using this skill with secrets or highly sensitive data because prompts and responses are logged to stdout and sent to external models. Also correct or be aware of the metadata mismatch (some metadata claims no env vars while the manifest and SKILL.md require OPENROUTER_API_KEY). If you need stronger assurance, ask the author for a canonical repository URL and a checksumed release, and test the code in an isolated environment first.

Review Dimensions

Purpose & Capability: noteThe skill's stated purpose (mixing multiple LLMs and synthesizing their outputs) matches the code and instructions. However, registry metadata at the top of the provided package summary lists no required environment variables, while both SKILL.md and manifest.json require OPENROUTER_API_KEY — an inconsistency that should be corrected but is not evidence of malicious behavior.
Instruction Scope: noteSKILL.md and the code instruct the agent to call OpenRouter's chat completions API with the user's prompt, aggregate model responses, and synthesize them. The instructions do not ask for unrelated files or credentials. One minor operational note: scripts/moa-paid.js contains a hard-coded example prompt and calls runMoA(prompt) immediately (it runs when executed), which is a benign demo but may be surprising if someone runs that file expecting only a library. The scripts also print prompt snippets and model responses to stdout (logging), which may expose sensitive prompts/responses in logs.
Install Mechanism: okThere is no install spec (instruction-only skill with Node.js files). No remote downloads or archive extraction are used. The package relies on axios (a normal dependency) and runtime Node >=18 as declared in manifest.json.
Credentials: noteThe only required secret is OPENROUTER_API_KEY, which is appropriate for a skill that calls OpenRouter. The earlier top-level summary incorrectly claimed 'no required env vars', which conflicts with the manifest/SKILL.md — the environment requirement itself is proportionate, but the metadata mismatch should be fixed.
Persistence & Privilege: okThe skill does not request always: true and does not modify other skills or global agent configuration. It behaves as a normal user-invocable skill that makes outbound API calls; autonomous invocation is allowed by default but not unusually privileged here.