Model Router Hook

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This model-routing skill appears aligned with its stated purpose, but it can switch the active AI model and keeps local routing/profile/cost memory across sessions.

This looks like a purpose-aligned model router rather than a malicious skill. Before installing, make sure you are comfortable with automatic model switching, local cross-session memory under ~/.openclaw/workspace/memory/model-router/, and the limited source/provenance metadata.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When used, the skill may switch between fast and thinking models automatically, which can affect answer style, latency, and cost.

Why it was flagged

The code can change the active OpenClaw model using the CLI/API or an environment override. This is disclosed and central to the skill, but it affects agent behavior.

Skill content

["openclaw", "session", "status", f"--model={model_name}"] ... os.environ['_OPENCLAW_MODEL_OVERRIDE'] = model_name

Recommendation

Install only if you want automatic model selection; review the configured model names and budget settings before integrating it into an agent.

What this means

Past interaction-derived preferences or session data may influence future routing decisions and remain on disk until removed.

Why it was flagged

The skill explicitly stores cross-session user/profile, session-memory, and cost data locally for adaptive routing.

Skill content

P2 | Session memory | Context awareness + global user profile (cross-session learning) ... Data is automatically stored in: ~/.openclaw/workspace/memory/model-router/

Recommendation

Review or delete the files under ~/.openclaw/workspace/memory/model-router/ if you do not want retained routing history or user-profile data.

What this means

You have less external context for who maintains the code and how updates are sourced.

Why it was flagged

The package includes executable Python files but provides limited external provenance information. The supplied artifacts do not show remote downloads or hidden dependencies.

Skill content

Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: 2 code file(s)

Recommendation

Review the included files before use and install only from a registry/source you trust.