Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Intelligent Model Router
v3.0.1
Intelligent model routing for sub-agent task delegation. Choose the optimal model based on task complexity, cost, and capability requirements. Reduces costs...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The code (router, policy, classifier, provider health, discovery, spawn helper) aligns with the stated purpose of model routing and policy enforcement. Recommending cloud-safe models and discovering provider models is expected. The only minor surprise is the installation step that 'enforces' a mandatory protocol by patching AGENTS.md — this is functionally consistent with 'infrastructure' but is an intrusive side-effect that should be explicit to the operator.
Instruction Scope
Runtime instructions require running install.sh which will append a mandatory protocol into a global AGENTS.md (git root or $HOME/clawd/AGENTS.md). The scripts also read ~/.openclaw/openclaw.json, interact with the openclaw CLI (cron list, sessions send), scan and audit crons, and make live HTTP calls to configured model provider endpoints. The SKILL.md does not declare these config/credential reads explicitly. Reading system-wide agent config, scanning crons, and contacting external model endpoints go beyond a simple classifier and grant access to many secrets and system state.
Install Mechanism
There is no external download or remote installer; install.sh is included in the package and modifies AGENTS.md then runs a local router test. That avoids supply-chain download risk but install.sh does perform a repository/global file patch (AGENTS.md) and executes local Python scripts — an operator should review the script before running. No network-based installer was found.
Credentials
The skill declares no required env vars, but multiple scripts read OpenClaw configuration (~/.openclaw/openclaw.json), provider definitions (including apiKey and baseUrl), and write provider-health.json under the OpenClaw workspace. discover_models.py will use provider-configured baseUrl and apiKey to do live inference tests — this means the skill will use whatever API keys are present in your OpenClaw config without explicitly requesting them. This is proportionate for a router that must know available models, but the lack of explicit declaration and the ability to send those keys to arbitrary baseUrl endpoints is a significant practical risk.
Persistence & Privilege
The installer will append a mandatory protocol to AGENTS.md (repository or $HOME/clawd) — a persistent, global change. The skill also creates/updates files under ~/.openclaw (provider-health.json, discovered-models.json, and uses config.json in the skill dir). It does not set always: true, but the install's self-integration into AGENTS.md constitutes a strong persistent policy enforcement action that affects agent behavior system-wide and should be explicitly approved by the operator.
What to consider before installing
Things to check before installing:
- Review install.sh and back up AGENTS.md: install.sh appends mandatory protocol text to AGENTS.md in your repo or $HOME/clawd; back up that file and inspect the installer before running.
- Inspect your OpenClaw config: the skill reads ~/.openclaw/openclaw.json and will use provider apiKey and baseUrl entries to perform live checks. If your config contains sensitive keys, the scripts will use them automatically. Make sure provider baseUrl values are trusted — discover_models.py will POST to those endpoints with the keys from your config.
- Audit model provider entries: because baseUrl comes from your config, a malicious or misconfigured provider entry could cause keys to be sent to an attacker-controlled server. Only include trusted providers and verify the baseUrl for each provider.
- Run in staging first: run the scripts (discover, router_policy, router.py) in a safe environment or with a copy of your config that has no secret keys to observe behavior.
- Check persistence & workspace files: provider-health.json and discovered-models.json will be created/updated under .openclaw workspace — ensure you’re comfortable with these files being added and with the read/write behavior.
- Ensure you accept the enforcement behavior: this skill is explicit about enforcing a protocol; if you do not want automated edits to AGENTS.md or a mandatory system-wide recommendation, do not run the installer.
- If you want to proceed: audit the code paths that call network endpoints (discover_models.py), the router_policy audit (which invokes the openclaw CLI), and any code that writes outside the skill directory. Consider running the discovery and audit commands with a copy of openclaw.json that omits API keys to verify logic without exposing secrets.
If you want, I can list the specific functions and lines that read configs, call network endpoints, or patch AGENTS.md to make your review quicker.
Like a lobster shell, security has layers — review code before you run it.
