Back to skill
Skillv1.0.0
VirusTotal security
Smart Router · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:32 AM
- Hash
- dde76a659a184c554df9d9c9302c81f676b7016194d712740af6a0b49e0558c6
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: smart-models Version: 1.0.0 The OpenClaw Smart Router skill is designed to route user requests to various AI models via an OpenAI-compatible API. The `SKILL.md` grants `Bash(smart-router:*)` permissions, which is broad but necessary for the skill's functionality. The `scripts/call-model.sh` and `scripts/sync-models.sh` scripts handle user input (e.g., prompt, model ID) by constructing JSON payloads using `jq --arg` and `jq --argjson`, which correctly escapes strings and prevents shell injection vulnerabilities. API keys and base URLs are securely retrieved from environment variables, which is standard practice. There is no evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized remote control, and the code appears to mitigate common injection risks.
- External report
- View on VirusTotal