ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawrouter

v0.12.149

Smart LLM router — save 67% on inference costs. Routes every request to the cheapest capable model across 55+ models from OpenAI, Anthropic, Google, DeepSeek...

11· 2.6k·20 current·22 all-time
by@1bcmax
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires wallet
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (an LLM request router) align with the declared config requirement models.providers.blockrun and with the SKILL.md instructions to set model routing to blockrun/auto. Requiring a single aggregator/provider config is reasonable for a router that uses a single wallet to access many models.
!
Instruction Scope
SKILL.md only instructs installing the @blockrun/clawrouter plugin and switching models to blockrun/auto or a pinned model. It does not request unrelated environment variables, but it also does not disclose how requests or user data are routed, logged, or shared across providers. Because the router will forward user inputs to many third-party models, the absence of any data-handling, privacy, or retention guidance is a significant omission.
Install Mechanism
The registry entry has no install spec and no code files; SKILL.md tells the user to run 'openclaw plugins install @blockrun/clawrouter'. That implies installation of external code (npm/registry/remote) but the skill metadata doesn't specify the package source or verify it. The lack of an explicit install spec in the registry means the runtime install step is opaque — review the plugin package before running the install command.
!
Credentials
The registry requires a config path models.providers.blockrun (plausible), and no env vars are listed. However, a single 'wallet' provider config likely contains credentials/access to many models and possibly billing access. Centralizing access in one provider increases blast radius: if the plugin misbehaves or is compromised, many downstream providers and user data could be exposed. The skill does not justify or document the credential/permission scope expected in that config.
Persistence & Privilege
Flags show always:false and normal autonomous invocation is allowed. The skill does not request persistent system-wide changes in its SKILL.md. This is the expected privilege model for a plugin-style router and is not itself a red flag.
What to consider before installing
Before installing: (1) Inspect the actual plugin package @blockrun/clawrouter (source repo, package registry entry, commit history) — do not install blind. (2) Review what models.providers.blockrun contains (which provider(s), API keys, wallet/billing permissions) and ensure least privilege. (3) Ask the publisher for a clear privacy/data-handling policy: which requests are sent to third parties, are logs stored, and how long are they retained. (4) If you must test, pin a non-sensitive model instead of enabling auto-routing, or run in an isolated account/environment with no sensitive data. (5) Prefer installing from a verified GitHub release or official registry and audit the plugin code before granting it access to your wallet/config.

Like a lobster shell, security has layers — review code before you run it.

latestvk979kte7hzzht5xbzxjy697cr184rm8q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦀 Clawdis
Configmodels.providers.blockrun

Comments