MuleRouter
PassAudited by ClawScan on May 1, 2026.
Overview
MuleRouter appears to be a disclosed media-generation API skill, but it uses your MuleRouter API key, runs local Python via uv, and can upload chosen image inputs to the configured service.
Before installing, confirm you trust the MuleRouter/MuleRun endpoint, use a revocable API key, run only the documented uv commands, and avoid uploading sensitive images or videos unless you accept the provider's handling of that data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can run the skill's Python scripts and install/synchronize dependencies through uv.
The skill allows local uv-based command execution and dependency synchronization, which is central to its documented CLI workflow but still gives the agent a meaningful local execution path.
allowed-tools: Bash(uv run *) Bash(uv sync *) Read
Use the documented uv commands only, and review the project files before allowing dependency installation or script execution.
Anyone using the skill must provide an API key that may allow media generation and possible account charges on the configured service.
The actual HTTP client attaches the configured MuleRouter API key to API requests, matching the documented purpose but involving account-level API authority.
"Authorization": f"Bearer {self.config.api_key}"Use a dedicated or revocable API key, prefer the official MuleRouter/MuleRun endpoints, and avoid sharing logs or .env files containing the key.
Private or sensitive images provided as inputs may be uploaded to the configured external service.
The skill explicitly sends user-selected local image content to the external MuleRouter/MuleRun API for generation or editing.
Valid image files are converted to base64 and sent to the API
Only provide media you are comfortable uploading, and check the provider's retention and privacy terms before using sensitive images or videos.