Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ToolRouter Gateway

v1.0.0

Unified access to 150+ tools via ToolRouter API. Dynamically exposes research, security scanning, video production, web extraction, and more as native OpenCl...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
SKILL.md claims a gateway/proxy to ToolRouter (150+ dynamic tools, MCP server, automatic provisioning) and requires a TOOLROUTER_API_KEY, but the registry metadata declares no required env/credential. The included code is a demo stub that returns a 3-item mock catalog and does not actually perform network calls to api.toolrouter.com. This is inconsistent: the skill advertises production proxy behavior but the code does not implement it, and the manifest omits the API key requirement.
[!] Instruction Scope
The runtime instructions ask for an API key, describe dynamic creation of many native tools, MCP server usage, and calling api.toolrouter.com; the actual run.py only implements local discovery/status/proxy stubs for a few tools and never performs HTTP/MCP network calls. The script writes cache and usage lines to memory/<files> and stores input objects in the cache file, which can persist potentially sensitive inputs. The discrepancy between broad, networked behavior in docs and local stub behavior in code is a scope mismatch.
Install Mechanism
There is no install spec (instruction-only install) which is lower risk. However a code file is included (scripts/run.py) that will execute if the agent runs it; the code writes files into the workspace (memory/...), creating persistent artifacts. No third-party downloads or external installers are used.
[!] Credentials
SKILL.md explicitly requires TOOLROUTER_API_KEY in the environment, but the registry metadata lists no required environment variables or primary credential — that's an inconsistency. Aside from the single API key, no unrelated credentials are requested. Still, the omission in the manifest means automated permission checks might not surface the fact that this skill expects a secret.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It does create and append to files in the agent's current workspace (memory/toolrouter-cache.jsonl and memory/toolrouter-usage.jsonl and possibly toolrouter-gateway-config.json). Those files can persist inputs and usage logs locally; if the skill were extended to call external endpoints, those logs could be sensitive.
What to consider before installing
This skill is suspicious because the docs promise a production-grade proxy and automatic provisioning but the packaged code is a local demo stub and the manifest omits the API key requirement. Before installing or giving it any keys:
(1) Do not set TOOLROUTER_API_KEY globally until you verify the source.
(2) Ask the publisher for a public homepage or repository and a clear changelog showing real network/MCP implementation.
(3) Confirm why the registry metadata does not declare the required TOOLROUTER_API_KEY.
(4) If you test it, run it in an isolated workspace/container because it will create memory/ files that store inputs and usage logs.
(5) Review or run the code yourself to verify whether it actually calls https://api.toolrouter.com and whether it would ever transmit cached inputs.
If the developer provides a real network implementation, a declared env var in the manifest, and provenance (repo/homepage/license), this assessment could be revisited.

Like a lobster shell, security has layers — review code before you run it.

Tags: automation, gateway, latest, mcp, proxy, toolrouter
