Auto Model Selector

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its model-routing purpose, but it can automatically send user prompts to a hard-coded LAN Ollama endpoint and run local network detection without clear install-time scoping.

Review and change the Ollama host before installing, especially if you handle sensitive prompts. Confirm that any cloud routing is acceptable, and expect Python/requests/curl/Ollama dependencies even though the registry metadata does not declare them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive prompts could be sent to a specific network host that may not be the user's intended local model server.

Why it was flagged

The router embeds the user's prompt in a request to a hard-coded LAN Ollama endpoint when model-based judging is used, so prompt contents may be sent to that service without endpoint scoping in metadata.

Skill content

def __init__(self, ollama_host: str = "http://192.168.10.14:11434") ... response = requests.post(f"{self.ollama_host}/api/generate", json={"model": self.judge_model, "prompt": f"""... 用户请求:{prompt} ..."""

Recommendation

Change the Ollama host to a user-controlled localhost or trusted server before use, and document/declare this data flow clearly.

What this means

Running the skill may execute a local curl command and contact the configured LAN endpoint.

Why it was flagged

The skill spawns curl to query an Ollama model list. This is purpose-aligned model detection, but it is a local command and network call that users should expect and configure.

Skill content

result = subprocess.run(["curl", "-s", "http://192.168.10.14:11434/api/tags"], capture_output=True, text=True, timeout=5)

Recommendation

Declare curl/Ollama requirements and avoid hard-coded endpoints; prefer configurable localhost defaults.

What this means

Future requests may be routed differently, potentially to a cloud model, after a failed local-model detection.

Why it was flagged

A transient detection failure can be persisted into models.json by disabling models, which can affect later routing decisions.

Skill content

if model_id not in detected_models:
                self.models[model_id]["enable"] = False

        self.save_config()

Recommendation

Make model-detection updates explicit, reversible, and visible to the user before saving changes.

What this means

Users may not realize extra local dependencies and services are needed until runtime.

Why it was flagged

The documentation references runtime dependencies while the registry metadata declares no required binaries, env vars, or install spec, so setup requirements are under-declared.

Skill content

Make sure the requests library is installed: `pip install requests`

Recommendation

Declare Python, requests, curl, Ollama, and any cloud-model requirements in metadata or setup instructions.