TokenRouter智能词元路由 (TokenRouter Smart Token Routing)

Security checks across malware telemetry and agentic risk

Overview

This model-routing skill is not flagged as malware, but it needs review because it appears to profile conversation history and may activate on unrelated tasks without clear user controls.

Review this skill before installing. It may be useful for choosing models and reducing API cost, but only install it if you are comfortable with it inferring preferences from conversation history and potentially appearing during tasks where you did not explicitly ask for routing advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding: The README states that the skill performs progressive user profiling from conversation history without disclosing what data is inferred, retained, or how it is used. In an agent setting, silent preference learning can lead to privacy harms, unauthorized behavioral profiling, and unexpected persistence of user attributes across sessions or tasks.

Missing User Warnings

Severity: Medium
Confidence: 89%

Finding: The Chinese section repeats the progressive profiling feature without any privacy notice, creating the same undisclosed behavioral tracking risk for Chinese-speaking users. This increases the chance that users are profiled without informed consent, especially if the skill adapts outputs or routing decisions based on accumulated conversation-derived preferences.

Vague Triggers

Severity: Medium
Confidence: 92%

Finding: The trigger conditions are extremely broad and include many generic phrases about cost, model choice, or optimization, making it likely that this skill activates in conversations where the user did not actually request routing advice. Over-triggering can hijack normal interactions, cause irrelevant guidance to appear, and steer users toward the skill's recommendations even when another skill or direct answer would be more appropriate.

Vague Triggers

Severity: Medium
Confidence: 90%

Finding: The eval expects the skill to trigger on a straightforward translation request, even though the skill is described as a model-routing and cost-optimization advisor. This broad activation condition can cause the skill to inappropriately intercept unrelated user tasks, leading to scope hijacking, confusing behavior, and potentially suppressing the correct specialized skill or direct answer path.
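As an added example (not from the SkillSpector report and not the TokenRouter skill's own code), the following Python script shows one way to measure the over-triggering described in the two Vague Triggers findings above. It runs a constructed set of labelled prompts, including a plain translation request and a cost-flavoured one, against a deliberately broad keyword trigger list of the kind the finding describes and against a narrower intent-phrase list, and reports how often each list fires when no routing advice was asked for. The trigger phrases, the prompts and the 20% threshold are all assumptions made for illustration; the skill's actual trigger definitions are not reproduced on this page.

```python
"""Trigger over-breadth check for an agent skill's activation phrases.

Added illustration, not part of the SkillSpector report or the TokenRouter
skill. All trigger lists, prompts and the threshold below are constructed.
"""
import re
from dataclasses import dataclass, field

# Constructed: single generic keywords about cost, model choice and
# optimization, the pattern the "Vague Triggers" finding warns about.
BROAD_TRIGGERS = ["cost", "cheaper", "model", "optimize", "which model", "token", "route"]

# Constructed: multi-word phrases that require actual routing intent.
NARROW_TRIGGERS = ["which model should i use", "route this to", "cheapest model for", "model routing"]

# Constructed, labelled prompts. True = the user really asked for routing advice.
PROMPTS = [
    ("Which model should I use for summarising long PDFs cheaply?", True),
    ("Route this to the cheapest model that can handle JSON output.", True),
    ("Translate this paragraph into French.", False),
    ("Translate this contract into German at the lowest cost.", False),
    ("Optimize this SQL query for a large table.", False),
    ("Explain the cost function used in logistic regression.", False),
    ("Our token refresh endpoint returns 401, any ideas?", False),
    ("Write a data model for a blog post in Django.", False),
]

# Assumed review threshold: flag a trigger set if it fires on more than 20%
# of prompts that carry no routing intent.
MAX_FALSE_POSITIVE_RATE = 0.20


@dataclass
class TriggerReport:
    # (prompt, matched phrases) pairs where the skill would fire with no routing intent
    fired_on_out_of_scope: list = field(default_factory=list)
    # in-scope prompts the trigger set failed to catch
    missed_in_scope: list = field(default_factory=list)
    false_positive_rate: float = 0.0

    @property
    def over_broad(self) -> bool:
        return self.false_positive_rate > MAX_FALSE_POSITIVE_RATE


def matched_phrases(triggers, prompt):
    """Return the trigger phrases found in the prompt as whole words, case-insensitively."""
    text = prompt.lower()
    return [t for t in triggers if re.search(r"\b" + re.escape(t) + r"\b", text)]


def evaluate(triggers, prompts=PROMPTS) -> TriggerReport:
    """Score a trigger set: how often it fires without intent, and what it misses."""
    report = TriggerReport()
    out_of_scope_total = sum(1 for _, in_scope in prompts if not in_scope)
    for prompt, in_scope in prompts:
        hits = matched_phrases(triggers, prompt)
        if hits and not in_scope:
            report.fired_on_out_of_scope.append((prompt, hits))
        elif not hits and in_scope:
            report.missed_in_scope.append(prompt)
    if out_of_scope_total:
        report.false_positive_rate = len(report.fired_on_out_of_scope) / out_of_scope_total
    return report


def summarise(name, triggers) -> str:
    """Human-readable verdict for one trigger set."""
    r = evaluate(triggers)
    lines = [f"{name}: false-positive rate {r.false_positive_rate:.0%}, "
             f"{'OVER-BROAD' if r.over_broad else 'ok'}, missed in-scope: {len(r.missed_in_scope)}"]
    for prompt, hits in r.fired_on_out_of_scope:
        lines.append(f"  fired on unrelated task {prompt!r} via {hits}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarise("broad", BROAD_TRIGGERS))
    print(summarise("narrow", NARROW_TRIGGERS))
```

The plain "Translate this paragraph into French." prompt does not fire under either list, which is why a skill eval that expects activation on a bare translation request, as the finding notes, is a sign the trigger condition is wider than anything a keyword check would justify. The cost-flavoured translation prompt shows the opposite failure: a single generic word like "cost" is enough for the broad list to hijack a task that has nothing to do with routing.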

VirusTotal

65/65 vendors flagged this skill as clean.
