Skill v1.0.1
ClawScan security
Model Router · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 27, 2026, 3:29 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and documentation mostly match its stated purpose (model routing), but there are a few incoherent or risky details (most notably a hardcoded, user-specific config path and minor metadata inconsistencies) that warrant review before installation.
- Guidance: This skill appears to do what it says (select models based on task/length/quality) and contains no network calls or secret exfiltration. Still, review these before installing:
  1. The code defaults to /home/skyswind/.openclaw/openclaw.json. Change the config_path to a path in your own home directory (or pass a different path when constructing ModelRouter) so it won't read someone else's files.
  2. Verify the model IDs and mappings in MODEL_PROFILES and TASK_MODEL_MAP match the provider names you expect (there are small name variations in docs vs code).
  3. Because the skill suggests editing agent config, double-check file permissions and back up your existing openclaw.json before changing it.

  If you want higher assurance, run the module locally (inspect model_router.py) and instantiate ModelRouter with an explicit config_path you control.
Review Dimensions
- Purpose & Capability (note): The name/description (intelligent model routing) align with the included Python implementation: TASK_MODEL_MAP, MODEL_PROFILES, CLI and Python API all implement routing. The skill claims support for 8 Bailian models and the code contains eight profiles. Minor naming differences (e.g., 'qwen3-max' vs 'qwen3-max-2026-01-23' shown in docs) are present but don't break routing logic.
- Instruction Scope (concern): SKILL.md instructs editing /home/skyswind/.openclaw/openclaw.json and the ModelRouter default config_path is hardcoded to that same absolute path. The module will attempt to read that file if present. This is user-specific and risky because it can read another user's config if such a path exists on the host; it also makes the skill less portable and may mislead users into editing a path that doesn't belong to them.
- Install Mechanism (ok): No install spec, no external downloads, and no required binaries; the skill is instruction-plus-code only. There are no network calls, no extraction or third-party package installs in the code. This is a low install risk.
- Credentials (note): The skill does not request environment variables or credentials (requires.env none), which is proportional for a routing utility. However, it suggests editing a specific config file path and the code will read that path; reading user config files can expose local settings. There are no API keys or secrets requested in metadata.json (requires_api_key: false).
- Persistence & Privilege (note): The skill is not always-enabled and does not declare elevated privileges. It only reads (not writes) the configured JSON path by default. Still, recommending edits to a specific agent-level config file in the user's home implies an expectation of persistent configuration; ensure the path is adjusted to the correct user and permissions before editing.
