Skill v1.0.0

ClawScan security

Smart Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Feb 25, 2026, 6:38 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's runtime behavior (shell scripts that call an arbitrary OpenAI-compatible API and require an API key/base URL) is consistent with a model router, but the package metadata omits required environment variables and binaries and the scripts write outputs to /tmp — these mismatches and modest risks should be resolved before trusting the skill.
Guidance
This skill is plausible for routing prompts to different LLM/image/video/audio providers, but there are a few issues to check before installing:

- Metadata mismatch: the registry claims no required env vars or binaries, but the scripts require SMART_ROUTER_BASE_URL and SMART_ROUTER_API_KEY and rely on curl, jq, and base64. Ask the publisher to update the manifest to declare these requirements.
- Trust the provider URL: the skill will send all prompts, attached images, and any content to whatever BASE_URL you configure. Only point it at an API endpoint you trust (your provider, not an unknown third-party URL). Consider using a monitored proxy if you must use an unfamiliar endpoint.
- Temporary files: generated images/audio are written to /tmp. If you handle sensitive data, clear these files after use or run in an environment where /tmp is secure.
- Minimal runtime review: the shell scripts are readable and perform straightforward curl calls, but they run arbitrary model IDs from models.json. Review and edit models.json to whitelist only providers/models you want to allow.

If you cannot confirm the publisher or don't want user content sent to an arbitrary endpoint, do not install. If you proceed, require the author to correct the manifest and consider running the skill in a restricted/test environment first.

Review Dimensions

Purpose & Capability
note: The name/description (multi-model router for OpenAI-compatible APIs) match the included scripts and models.json: the skill needs a provider base URL and API key to call models, which is appropriate for the stated purpose. However, the registry metadata declares no required environment variables or binaries even though SKILL.md and the scripts explicitly require SMART_ROUTER_BASE_URL and SMART_ROUTER_API_KEY and use curl, jq, base64 — this metadata omission is inconsistent and reduces trust.
Instruction Scope
ok: SKILL.md and the scripts limit actions to selecting models from models.json and calling the configured provider endpoints. They do not instruct the agent to read unrelated user files or fetch external endpoints beyond the configured BASE_URL. The scripts do write temporary files (/tmp/smart-router-*.png, /tmp/smart-router-tts-*.mp3, /tmp/smart-router-models.json), which can persist user content locally.
Install Mechanism
ok: There is no install spec (instruction-only with shipped scripts), so nothing is fetched or installed at install time. This is lower risk than arbitrary downloads. The presence of executable shell scripts means code will run on the agent host when invoked.
Credentials
concern: The runtime requires SMART_ROUTER_BASE_URL and SMART_ROUTER_API_KEY (provider base URL and API key) — appropriate for a router — but the skill registry lists no required env vars and no primary credential. The mismatch is concerning because users may not realize they must supply an API key, and the skill will send user prompts and any attached images to the configured BASE_URL (an arbitrary endpoint the user supplies). No other unrelated secrets are requested, but the declared metadata should explicitly list these env vars and the expected scope of the API key.
Persistence & Privilege
ok: The skill does not request always:true and is user-invocable. It does not modify other skills or agent-wide settings. It writes temporary outputs to /tmp but does not attempt persistent auto-enablement or cross-skill config changes.