Auto Model Switcher

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is coherent as an automatic model-selection mechanism, but users should know that it may route prompts to configured provider models and log routing metrics.

Install this only if you want automatic model routing. For sensitive, regulated, or cost-sensitive prompts, specify the model/provider yourself and avoid including sensitive details in tasks that could be logged as routing metrics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
87% confidence
Finding
The skill description is broad enough to match many common requests, which can cause the skill to trigger unexpectedly and route user prompts through model-selection logic without clear user intent. In this context, over-broad activation increases the chance that sensitive or routine conversations are sent to alternate providers or logged under the skill's routing workflow.

Vague Triggers

Medium
91% confidence
Finding
The task-detection logic relies on very broad keywords like 'write,' 'analyze,' 'research,' and common developer terms, with no scope constraints or disambiguation. This makes misclassification likely, so normal requests could trigger automatic model switching, potentially changing data handling, provider exposure, or cost characteristics without sufficiently informed user consent.

Missing User Warnings

Medium
94% confidence
Finding
The skill advertises automatic model switching across multiple providers and also states that selections may be logged, but it does not require a user-facing warning or consent flow before routing prompts to third-party services. This is dangerous because users may unknowingly disclose sensitive inputs to external providers with different retention, privacy, or compliance properties, and metadata logging can further expand exposure.

VirusTotal

65/65 vendors flagged this skill as clean.
