Upstage Solar Delegation
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: upstage-solar-delegation Version: 1.0.0 The skill bundle is a legitimate utility designed to delegate long-form text generation to the Upstage Solar Pro3 model. It uses standard OpenClaw mechanisms like `sessions_spawn` and relies on user-provided environment variables (UPSTAGE_API_KEY or OPENROUTER_API_KEY) for authentication. The instructions in SKILL.md and references/setup-guide.md are transparent, functional, and lack any indicators of malicious intent, data exfiltration, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to provide an Upstage or OpenRouter API key, which can incur costs and grants access to that provider account according to the key's scope.
The skill depends on provider API keys for its core function, while the registry requirements list no required env vars. This appears purpose-aligned, but users should notice the credential requirement.
| **Upstage Direct** | `solar-pro3` | `UPSTAGE_API_KEY` | Direct Upstage API call (recommended) | ... | **Via OpenRouter** | `openrouter/upstage/solar-pro-3` | `OPENROUTER_API_KEY` | Call through OpenRouter |
Use a dedicated API key with the minimum necessary permissions or spend limits, store it in a secrets mechanism where possible, and monitor provider usage.
Long prompts, conversation context, or messenger content may be processed by an external model provider when delegation is enabled.
The skill intentionally sends task context and writing instructions to a spawned Solar Pro3 session, which may route content to Upstage or OpenRouter.
If enabled and estimate >= threshold, run `sessions_spawn` with Solar Pro3.
Enable delegation only in sessions where external model processing is acceptable, avoid sending secrets or highly sensitive content, and review the provider's data handling terms.
A configuration change could make future long responses in selected sessions use Solar automatically until changed again.
The skill can persist delegation policy changes that affect later behavior, including which sessions delegate to the external model.
Users may request: threshold changes ... session enable/disable ... Apply updates to persistent memory/config used by your environment.
Keep delegation settings explicit, review which sessions are enabled, and document how to disable or reset the policy.
There is limited external provenance information to verify the publisher or documentation origin.
The package has no stated source or homepage. Because it is instruction-only with no install script or code files, this is a provenance note rather than a concrete unsafe behavior.
Source: unknown; Homepage: none
Review the included SKILL.md and setup guide before installing, and prefer known publishers for skills that handle credentials or provider configuration.