Skillv1.0.0

ClawScan security

solar-delegation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 9:47 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (delegating long-form generation to OpenRouter/Upstage Solar Pro3 and editing gateway config) is coherent with its description, but the metadata does not declare the OpenRouter and primary-model credentials or the need to modify persistent gateway config—an important omission that should be clarified before installing.
Guidance: This skill appears to do what it says (delegate long-form generation to Upstage Solar via OpenRouter) but the package metadata fails to declare the API keys and config changes it needs. Before installing: (1) confirm you or an admin are willing to add an OpenRouter provider and store its API key in your gateway config (and understand where/how keys are stored), (2) verify the OpenRouter domain (https://openrouter.ai) is the intended endpoint, (3) ensure the skill will not be given broader credentials than needed (don’t reuse admin secrets unnecessarily), (4) ask the skill author/registry maintainer to update metadata to declare required env vars/credentials and document exactly what gateway config changes are required, and (5) consider limiting delegation to specific sessions or setting a conservative default threshold until you’ve tested behavior. If you cannot verify those points, treat the metadata omission as a red flag and do not enable this skill in production systems.

Review Dimensions

Purpose & Capability: noteThe skill's stated purpose (route long user-facing text to Upstage Solar Pro3 while keeping the primary model for planning/tool calls) matches the runtime instructions: estimating token length, checking session enablement, and spawning a Solar Pro3 session via sessions_spawn. Requesting an OpenRouter provider and configuring Solar in the gateway is consistent with that purpose.
Instruction Scope: noteSKILL.md stays on task: estimate output tokens, check session enablement, spawn Solar, and forward results. It also instructs keeping orchestration minimal and to include a 'no tool call' instruction in spawn requests. However, the instructions explicitly require modifying persistent memory/config (storing thresholds and per-session enablement) and gateway provider config (adding OpenRouter + API key). Those are broader actions than simple runtime behavior and should be surfaced in metadata/permissions.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files, so it does not write or execute new artifacts on disk by itself. That lowers installation risk; however, it directs manual edits to the gateway config and restarting the gateway, which are outside the skill bundle and require administrator action.
Credentials: concernThe SKILL.md and setup guide require an OpenRouter API key (sk-or-...) and reference a primary model API key, but the registry metadata lists no required environment variables or primary credential. This mismatch is significant: the skill will not function without adding provider credentials to the gateway, and those credentials are not declared in the skill metadata for user review.
Persistence & Privilege: noteThe skill does not request always:true or autonomous-only elevation, but its setup instructions call for persistent changes: adding a provider to gateway config, storing API keys in that config, and writing delegation policy to persistent memory. Those changes are legitimate for this feature but are system-wide and should be made knowingly and securely by an admin.