OpenMark AI Model Router

Security checks across malware telemetry and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

This skill looks coherent for automatic benchmark-based model routing, but it is powerful. Before installing, confirm that you want `openmark/auto` to become your default route, that Python subprocess execution is acceptable, and that your configured providers/fallbacks are suitable for the prompts and conversation context you use in OpenClaw. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Normal OpenClaw messages may be routed to different models or providers than the user’s previous default, affecting cost, latency, and where prompt context is processed.

Why it was flagged

The plugin intentionally changes model-selection behavior across OpenClaw after installation. This is core to the router purpose and disclosed, but it is a high-impact control surface.

Skill content

The plugin auto-registers as a provider, sets `openmark/auto` as your default model, and starts routing.

Recommendation

Install only if you want global automatic model routing; review benchmark CSVs, routing cards, and fallback/provider configuration after installation.

ASI05: Unexpected Code Execution
Low
What this means

Plugin code runs with the user’s local permissions and can participate in updating OpenClaw routing configuration.

Why it was flagged

The router runs bundled Python code locally. The behavior is disclosed and purpose-aligned, and the README also states the Python router does not require third-party pip packages.

Skill content

executes the bundled `scripts/router.py` via a local Python subprocess

Recommendation

Use trusted plugin sources, keep the plugin updated, and ensure Python execution on the host is acceptable.

ASI06: Memory and Context Poisoning
Medium
What this means

Conversation session metadata and model bindings can be changed, which may affect routing continuity across turns or sessions.

Why it was flagged

The plugin touches persistent OpenClaw session state. The artifacts describe this as temporary model binding/snapshot continuity, not broad indexing or exfiltration.

Skill content

reads and updates `~/.openclaw/agents/main/sessions/` state for temporary session model binding and snapshot continuity during same-turn routed turns

Recommendation

Be aware that session state is modified; back up important OpenClaw configuration if needed and monitor routing behavior after install or update.

ASI03: Identity and Privilege Abuse
Medium
What this means

Configured model providers may receive the same full context they would receive from OpenClaw, but the chosen provider/model may change automatically based on routing.

Why it was flagged

The router delegates model execution to OpenClaw using the user’s existing provider authentication and may route full context to the selected model. The README states the plugin does not ask users to paste provider API keys directly.

Skill content

Full session context, system prompt, conversation history ... Authentication and streaming handled by OpenClaw

Recommendation

Verify which providers and fallback models are configured in OpenClaw and ensure they match your privacy and cost expectations.