v1.0.0

Auto Router

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 6:14 AM.

Analysis

This skill should be reviewed carefully because it automatically routes messages to paid external AI models and relies on a missing local script outside the packaged files.

Guidance: Before installing, verify and review the missing auto-router.js file, avoid running the fixed-path wrapper unless you trust that local code, and enable paid/API routing only with explicit cost limits and privacy expectations.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: High, Confidence: High, Status: Concern
router-integration.sh
cd /Users/thibaut/clawd
exec node auto-router.js "$QUESTION"

The wrapper executes a Node router script from a fixed local directory, but auto-router.js is not included in the supplied two-file manifest and there is no install spec explaining its provenance.

User impact: Using the skill could run unreviewed local code as the main router, so users cannot verify what it does with their prompts, accounts, or model choices from the submitted artifacts.
Recommendation: Package the router implementation with the skill, use relative paths, declare the Node dependency, and document or pin any external code before installation.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Automatically routes each message to the most suitable and economical model ... Very complex | Claude Opus 4.5 (API) | 💰💰💰 Premium

The skill says it automatically routes every message and may choose a premium paid API model, but the artifacts do not show a per-message approval step, budget limit, or safe default.

User impact: A user could incur unexpected API costs or have messages sent to a paid external model based on the router's automatic classification.
Recommendation: Require explicit user approval before paid or premium API calls, add configurable cost limits, and make local-only routing the default unless the user opts in.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
Claude Sonnet 4 (API) ... Claude Opus 4.5 (API)

Paid Claude API use likely requires an account credential, while the registry metadata declares no primary credential, required environment variable, or configuration path for that authority.

User impact: If configured elsewhere, the skill may use a paid API account without the package clearly declaring which credential or account scope is involved.
Recommendation: Declare the required credential mechanism and scope, and make account usage explicit before enabling API routing.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low, Confidence: High, Status: Note
SKILL.md
free local vs paid API ... Claude Sonnet 4 (API) ... Claude Opus 4.5 (API)

The skill clearly discloses that some messages can be routed to external API models, but it does not describe data handling, retention, or what content is eligible for external routing.

User impact: Prompts that may contain private information could leave the local environment when the router selects an API model.
Recommendation: Document the provider data boundary and add an opt-in or confirmation requirement before sending sensitive prompts to external API models.