RealmRouter Switch

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: manage RealmRouter settings for OpenClaw, while handling API keys and changing local OpenClaw configuration.

Install only if you want this skill to modify your OpenClaw RealmRouter provider, default model, API key, backups, and gateway state. Treat the API key as a secret: avoid placing real keys in shared chat or shell history, and protect ~/.openclaw/openclaw.json and its backups. Prefer the bundled Python Windows installer over the documented but missing PowerShell commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding: The skill explicitly instructs users to modify configuration, write shell profile files, restart services, use environment variables, and perform network-based key/model validation, yet it declares no permissions. That mismatch weakens user consent and platform enforcement because a user may invoke a skill capable of sensitive local and network actions without clear permission boundaries.

Vague Triggers

Medium
Confidence: 88%
Finding: The trigger phrases are very broad natural-language commands such as '切换模型' ("switch model") and '把 key 设为 xxx' ("set the key to xxx"), which can cause accidental invocation during ordinary conversation. Because the skill claims it will automatically execute changes and restart the gateway, an unintended trigger could lead directly to sensitive configuration changes.

Missing User Warnings

Medium
Confidence: 92%
Finding: The skill states that it will 'automatically' perform all actions, including gateway restarts, but does not provide a prominent upfront warning that these are sensitive, state-changing operations. This increases the chance that users disclose secrets or approve disruptive actions without understanding the consequences.

VirusTotal

62/62 vendors flagged this skill as clean.
