Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Iblai Openclaw Router

v1.0.0

Cost-optimizing model router for OpenClaw. Automatically routes each request to the cheapest capable Claude model (Haiku/Sonnet/Opus) using weighted scoring....

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
! Purpose & Capability
The code and README implement a local Anthropic/OpenRouter proxy which matches the stated purpose. However the registry metadata declared 'no required env vars' and 'instruction-only' while the package includes server.js and install scripts that require an ANTHROPIC_API_KEY and create a systemd service — an incoherence between claims and actual requirements.
! Instruction Scope
SKILL.md and README instruct running scripts that will copy files to ~/.openclaw/workspace/router, create/enable a systemd service, and modify ~/.openclaw/openclaw.json to register the provider. The installer also attempts to auto-detect an Anthropic key by grepping ~/.openclaw/agents/main/agent/auth-profiles.json. Reading/writing other agent config and extracting API keys is outside a purely 'instruction-only' description and broadens scope.
! Install Mechanism
Install is local (no external downloads) and just copies files and creates a systemd unit. That itself is reasonable for a local proxy, but the installer writes the detected Anthropic API key directly into the systemd unit (Environment=ANTHROPIC_API_KEY=...). Embedding secrets into unit files can expose them to other users/processes and is poor secret management.
! Credentials
The package metadata declares no required env vars, but server.js requires ANTHROPIC_API_KEY and the install script actively searches for the user's Anthropic key and places it into the unit file. The README also suggests configuring 'apiKey passthrough' in OpenClaw, but the router ignores incoming x-api-key and uses the environment key — this mismatch is confusing and potentially leads to unexpected key usage/exposure.
Persistence & Privilege
The installer creates a persistent systemd service (Restart=always) and registers a model provider in OpenClaw config. Persistent local services and config changes are expected for this functionality, but combined with the secret-handling behavior above this persistence increases the blast radius if misconfigured.
What to consider before installing
This package implements a local proxy and will install a systemd service and modify your OpenClaw config. Before installing:

1) Inspect server.js and config.json yourself to confirm behavior and upstream URLs.
2) Edit scripts/install.sh to avoid auto-extracting your API key (the script greps ~/.openclaw/agents/main/agent/auth-profiles.json) — do not allow the installer to embed secrets into /etc/systemd/system/*.service. Prefer using an EnvironmentFile with restricted permissions or systemd secret mechanisms, or export ANTHROPIC_API_KEY at runtime instead.
3) Back up ~/.openclaw/openclaw.json and test registration manually rather than letting the installer modify it automatically.
4) If you must run it, run in an isolated environment (container or VM) first and verify that the router only forwards to your configured LLM provider.
5) After install, check /etc/systemd/system/iblai-router.service for embedded secrets and remove/rotate any secret that was written there.

The inconsistencies (metadata claiming no env vars / instruction-only vs included code that needs a key and writes configs) are likely sloppy engineering but could expose secrets if installed without care.
