Smart Router

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal AI model router, but users should understand that their prompts and generated media may be sent to the configured external provider.

Install only if you trust the configured API endpoint and its data-retention policy. Avoid routing secrets, regulated data, private code, screenshots, or documents unless that provider is approved, and be aware that temporary outputs may be written under /tmp on the local machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill advertises automatic routing, alias handling, and media capabilities, but the described implementation does not fully match those claims and may perform extra behaviors such as enumerating provider models and storing generated artifacts locally. This mismatch can mislead users about what data is sent externally, what is actually supported, and what side effects occur, which increases the risk of unintended data exposure and unsafe reliance on the skill.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to configure arbitrary OpenAI-compatible providers and route requests through them, but it does not warn that prompts, attachments, and possibly sensitive conversation data may be transmitted to third-party endpoints. In a routing skill that automatically selects models based on task type, this omission is more dangerous because users may not realize their data is being sent externally or to a provider different from the default one they expect.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill is explicitly designed to forward user prompts, and potentially images, to third-party OpenAI-compatible providers, but it does not clearly warn users about that data transfer. This is dangerous because users may supply sensitive text, code, screenshots, or documents under the assumption the processing is local or first-party, creating privacy, compliance, and confidentiality risks.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The script writes generated image output to a predictable location under /tmp with a timestamp-based filename and default permissions, which can expose potentially sensitive generated content to other local users on multi-user systems. While the impact is limited and local, temporary-file handling in shared directories should use secure creation semantics.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The script writes provider-returned model metadata to a predictable world-accessible temporary path (/tmp/smart-router-models.json) without creating a private file or warning before the write. On multi-user systems this can expose potentially sensitive internal model inventory or enable file-clobber/symlink issues if an attacker can pre-place that path, though the data itself is usually low sensitivity.

External Transmission

Medium
Category
Data Exfiltration
Content
Models and provider are configured in `models.json`. Set two environment variables:

- `SMART_ROUTER_BASE_URL` — OpenAI-compatible API base URL (e.g. `https://api.openai.com/v1`)
- `SMART_ROUTER_API_KEY` — API key for the provider

Edit `models.json` to customize categories, models, and defaults for your provider.
Confidence
91% confidence
Finding
https://api.openai.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal