ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Model Router

v1.0.0

Automatically routes tasks to the most suitable local or cloud AI model based on privacy, context length, cost, and performance requirements.

0· 124·1 current·1 all-time
by@keven0706
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with code: the skill analyzes prompts and returns a chosen model alias and migrated context. However the SKILL.md claims guarantees like "sensitive data absolutely never sent to cloud" and "100% local processing for sensitive content" — the code only selects a model alias (e.g., a local model alias) and does not itself perform model invocation or enforce transport controls. That privacy claim therefore depends on the hosting platform mapping aliases to truly-local runtime and preventing downstream cloud calls, which the skill cannot enforce.
Instruction Scope
Runtime instructions and code operate within the skill folder: they read config/default.json and config/user-preferences.json, write user preferences and append audit logs (logs/routing-audit.log), and provide health/logging methods. They do not read other system config, environment secrets, or make outbound network calls. The audit logs record decision metadata (model, reason, privacyLevel) but not prompt text — still, metadata could be sensitive.
!
Install Mechanism
No install specification or package manifest is declared, yet the code requires an external module ('gpt-tokenizer') and is a non-trivial Node.js package with tests. There is no package.json, no declared npm deps, and no instructions to install dependencies. That makes the package incoherent (it will likely fail at runtime unless the environment already has the dependency). Lack of an install step also prevents verification of provenance and reproducible dependency resolution.
Credentials
The skill requests no environment credentials (good), but it writes config and audit logs to disk under the skill directory. It also includes model aliases for cloud providers (xinliu/*) and local runtime (ollama/*). Because environment/config mapping of those aliases to real model endpoints is handled by the platform, the skill's privacy and cost claims depend on external configuration. The absence of any declared requirement for local model endpoints or runtime assurances is a proportionality gap.
Persistence & Privilege
always:false and no special OS restrictions. The skill persists user preferences and audit logs in its own config/logs directories — this is normal for a router. It does not modify other skills' configs or system-wide settings.
What to consider before installing
This package mostly does what it says (analyze prompts and pick a model), but there are practical issues to resolve before installing: 1) The code depends on an external tokenizer ('gpt-tokenizer') yet no package.json or install instructions are provided — confirm and install required Node dependencies or request the package.json from the author. 2) The privacy guarantee in SKILL.md is a policy claim the router alone cannot enforce — verify your OpenClaw deployment maps the listed local alias (e.g., ollama/...) to an actually-local runtime and that the platform prevents escalation to cloud models for sensitive tasks. 3) The skill writes audit logs and user-preferences to disk (logs/routing-audit.log, config/user-preferences.json); review those files for any metadata you consider sensitive and ensure log access is appropriately restricted. 4) Because provenance is unknown (source/homepage not authoritative), consider running the skill in a sandboxed environment first, review/complete missing packaging info (package.json, dependency list), and request the author or repository for more context before using in production.

Like a lobster shell, security has layers — review code before you run it.

ai-routervk9774qq2rrwktn7vt1xmdapcv58311ejcontext-managementvk9774qq2rrwktn7vt1xmdapcv58311ejlatestvk9774qq2rrwktn7vt1xmdapcv58311ejmulti-modelvk9774qq2rrwktn7vt1xmdapcv58311ejprivacyvk9774qq2rrwktn7vt1xmdapcv58311ejroutingvk9774qq2rrwktn7vt1xmdapcv58311ej

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Multi-Model Router - 智能多模型动态路由

🎯 功能概述

智能多模型动态路由系统,根据任务需求、上下文长度、隐私级别和成本因素,自动选择最适合的AI模型。

🚀 支持的模型类型

  • 云端大模型: Qwen3-Max, Kimi 等(高上下文,适合复杂任务)
  • 本地模型: Ollama Qwen3.5 等(隐私保护,离线可用)
  • 平衡模型: 中等上下文,成本效益最优

🔧 自动路由策略

  1. 隐私优先: 检测到敏感信息时自动使用本地模型
  2. 上下文适配: 超长上下文自动路由到支持大上下文的模型
  3. 成本优化: 日常任务优先使用成本更低的模型
  4. 性能优先: 复杂推理任务使用高性能模型

🛡️ 安全特性

  • 敏感数据绝不发送到云端
  • 自动PII(个人身份信息)检测
  • 完整的审计日志记录
  • 可配置的隐私阈值

⚡ 使用方式

完全自动化,无需手动干预。系统会根据任务特征智能选择最佳模型。

📊 性能优势

  • 平均响应时间减少 15-30%
  • API 成本降低 40%+
  • 隐私保护级别提升
  • 资源利用率优化

📋 配置选项

支持自定义路由规则、隐私阈值、成本敏感度等参数。

Files

15 total
Select a file
Select a file to preview.

Comments

Loading comments…