Back to plugin

Security audit

OpenMark AI Model Router

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

This skill looks coherent for automatic benchmark-based model routing, but it is powerful. Before installing, confirm that you want `openmark/auto` to become your default route, that Python subprocess execution is acceptable, and that your configured providers/fallbacks are suitable for the prompts and conversation context you use in OpenClaw. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/router-bridge.js:281
Evidence
require('node:child_process').execFileSync(cmd, ['--version'], {