GLM Autoroute

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only model router is mostly coherent, but it tells spawned sessions to create long-term memory and report files for all GLM-5 tasks without clear user approval, retention limits, or path scoping.

Install only if you are comfortable with complex tasks being delegated to GLM-5 and with the skill creating local memory/report files. Before using it with private work, edit or constrain the instructions to require approval before writing MEMORY.md or reports, exclude secrets, and review generated files before trusting them.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or sensitive task details could be retained in a persistent memory file and later influence future sessions.

Why it was flagged

The skill directs agents to write persistent long-term memory containing user-relevant findings and preferences, but does not define approval, retention, deletion, sensitive-data exclusions, or how that memory will be reused.

Skill content

**MEMORY.md (Curated Long-Term)**
- ONLY key insights, decisions, lessons, significant findings, preferences

Recommendation

Require explicit user approval before writing MEMORY.md, define where it is stored, exclude secrets and sensitive personal data, and provide clear review/delete instructions.

What this means

Sensitive information included in a complex request may be sent to the spawned GLM-5 session/provider.

Why it was flagged

The skill forwards the full task description to a spawned GLM-5 session. This is expected for model routing, but users should notice that complex tasks may be delegated to another model/session.

Skill content

sessions_spawn({
  task: "<the full task description>",
  model: "zai/glm-5"

Recommendation

Avoid including secrets unless necessary, and consider prompting the user before forwarding especially sensitive tasks to GLM-5.

What this means

More tasks than expected may be handed to a spawned GLM-5 session rather than handled in the main session.

Why it was flagged

The skill encourages broad autonomous use of the session-spawning tool for ambiguous tasks. This is aligned with its routing purpose, but it expands delegation beyond only clearly complex requests.

Skill content

When in doubt → GLM-5 (better safe than sorry)

Recommendation

Use this skill only if automatic model delegation is desired, and add confirmation for sensitive or high-impact tasks.

What this means

A user may receive only a summary while generated code is written to disk, so they need to inspect files before trusting or running them.

Why it was flagged

The skill tells the agent to save generated code to files and not display the full code by default. This is disclosed and user-requestable, but it reduces immediate visibility into generated changes.

Skill content

**Full code ONLY in files** — do NOT include in announce unless explicitly requested

Recommendation

Ask to see generated code before using it, and require summaries to include exact file paths and whether existing files were changed.

What this means

The package may be harder to verify or install reliably.

Why it was flagged

The package metadata appears malformed and the package version differs from the registry version shown in the supplied metadata. There is no executable code, so this is a provenance/quality note rather than evidence of malicious behavior.

Skill content

"version": "1.0.3",
  "main": "SKILL.md"
  "openclawMin": "2026.2.13"

Recommendation

Verify the publisher/source and use a corrected package manifest before installing in a sensitive environment.