Back to plugin
Pluginv7.1.4
ClawScan security
OpenMark AI Model Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMay 10, 2026, 3:36 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5.5
- Summary
- Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.
- Guidance
- This looks like a legitimate automatic model-routing plugin, not a passive benchmark viewer. Before installing, be comfortable with it becoming the default router, running local Python, modifying OpenClaw config/session state, and making an extra classifier model call. Keep a backup of OpenClaw settings, confirm Python is installed, and review provider/cost settings and imported benchmark CSVs. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.
- Findings
[suspicious.dangerous_exec] expected: The child_process finding corresponds to the documented behavior of finding/running the bundled Python router locally; no shell-string injection or unrelated execution path is shown in the provided snippets. [pre-scan.system-prompt-override] unexpected: A pre-scan signal was reported, but the supplied SKILL.md excerpt does not include a concrete system-prompt override snippet to review, so it was not treated as an agentic-risk finding.
Review Dimensions
- Purpose & Capability
- noteThe advertised purpose is model routing, and the artifacts consistently describe provider registration, classification, benchmark lookup, and routed model selection. These are sensitive capabilities but are purpose-aligned.
- Instruction Scope
- noteThe skill routes normal messages automatically after installation and sends the current message to a classifier model, while documenting bypasses for short messages, slash commands, and internal prompts.
- Install Mechanism
- noteNo install script is declared, but the package includes compiled JavaScript and bundled Python. The README discloses Python 3.8+ even though registry requirements list no required binaries.
- Credentials
- noteThe skill reads/writes OpenClaw configuration, session state, and benchmark CSVs. That is broad local access, but it is directly related to routing and disclosed in the README.
- Persistence & Privilege
- noteIt persists routing/default-model state and starts a local dashboard/server. This is expected for a router, but users should know it can affect future OpenClaw conversations.