OpenClaw Model Router Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform disclosed model-routing work, with one configuration-related credential exposure risk users should understand.

Install only if you trust the configured OpenClaw binary and the agent executor it calls. Prefer a known absolute binary path, avoid running it with unnecessary secrets in the environment, and review routing configuration before enabling automatic model switching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The code executes an external binary and forwards the entire parent process environment to it via `env: process.env`. This can expose unrelated secrets, tokens, and credentials to the child process and any downstream tooling it invokes, which is risky when the binary path and behavior are configurable and not tightly constrained.

VirusTotal

64/64 vendors flagged this skill as clean.
