Back to skill
Skillv1.0.0
VirusTotal security
Iblai Openclaw Router · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:15 AM
- Hash
- ee17940de841411f4ce439c94b365eb7f3d730214c26f2a43008b5c8fd3c2bc6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: iblai-openclaw-router Version: 1.0.0 The skill bundle is classified as suspicious due to two primary vulnerabilities, despite its stated benign purpose of cost-optimizing model routing. First, the `scripts/install.sh` script reads the sensitive `~/.openclaw/agents/main/agent/auth-profiles.json` file to auto-detect the Anthropic API key. While this key is intended for local use by the systemd service, accessing this credential file is a high-risk operation. Second, the `server.js` proxy allows the `apiBaseUrl` to be configured in `config.json` to an arbitrary endpoint. If an attacker could manipulate `config.json` (e.g., via prompt injection against the agent), this could lead to the exfiltration of the API key and all LLM prompt/response data to an attacker-controlled server. While the documentation suggests legitimate use with OpenRouter, the underlying capability is a significant vulnerability. These are risky capabilities without clear evidence of intentional malicious exploitation within the provided files, hence 'suspicious' rather than 'malicious'.
- External report
- View on VirusTotal