Multi-Model Router
WarnAudited by ClawScan on May 18, 2026.
Overview
The skill is a plausible model router, but its privacy guarantees are overstated and it can automatically choose cloud models in cases where sensitive context may be involved.
Install only if you are comfortable with automatic model selection that may use cloud models. Do not rely on the stated “sensitive data never sent to cloud” guarantee unless the skill is fixed to scan both prompt and context and to block cloud fallback for sensitive tasks.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust the skill with sensitive information believing it will never leave the local machine, even though the router can still select cloud models under some conditions.
The skill makes an absolute privacy claim, but the implementation only checks limited secret-related patterns and does not provide comprehensive PII detection or a guaranteed cloud-blocking path.
- 敏感数据绝不发送到云端 - 自动PII(个人身份信息)检测
Replace absolute privacy claims with accurate limits, scan both prompt and context for sensitive data, and enforce a hard local-only block whenever sensitivity is detected.
Private conversation history or document context could be routed to a cloud model if the prompt itself does not contain one of the limited sensitive patterns.
Only the prompt is checked for privacy sensitivity, while the router also receives and migrates a separate context value. Sensitive data in context can therefore be missed before cloud routing decisions.
const privacyLevel = this.detectPrivacyLevel(prompt);
Run privacy detection on prompt and context together, include broader PII patterns, and require confirmation before sending any uncertain or sensitive context to cloud models.
A sensitive or oversized request that cannot fit the local model can automatically fall back to a cloud model instead of stopping and asking the user.
When filters eliminate all candidates, the router automatically uses the configured fallback. The default fallback is high_context, which is configured as a cloud model.
if (candidates.length === 0) {
console.warn("No suitable models found, using fallback");
return this.config.fallback_strategy;
}Make fallback privacy-aware: if sensitive content is detected, fail closed or ask the user rather than falling back to a cloud model.
The skill may fail at runtime or rely on an external dependency whose exact version and provenance are not reviewable here.
The code imports an external package, but the provided artifacts include no install spec, package.json, or lockfile declaring the dependency.
const { countTokens } = require('gpt-tokenizer');Provide a package manifest and lockfile, or document that the dependency is supplied by the OpenClaw runtime.
The log does not appear to store prompt text, but it can still reveal usage patterns and routing decisions over time.
The skill persists routing audit records locally, including timestamp, selected model, reason, context length, privacy level, and task type.
this.logPath = path.join(__dirname, '../logs', 'routing-audit.log');
Document log retention and provide a clear way to view, rotate, or delete routing audit logs.