ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Taxonomy Router

v1.5.0

Route user tasks to the most relevant skills using a layered taxonomy, risk model, and minimum-necessary-loading strategy. Use when deciding which skill to l...

0· 256·0 current·0 all-time
byStairer@wzk332266
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (skill router / taxonomy-based routing) match the SKILL.md content: classification rules, risk baselines, threat dimensions, and routing algorithm. The skill does not request unrelated credentials, binaries, or config access.
Instruction Scope
Runtime instructions are policy and decision rules (how to infer intent, choose domains, prefer low-risk skills). They do not instruct reading system files, accessing environment variables, or transmitting data to external endpoints. The SKILL.md explicitly recommends conservative behavior (ask user before risky actions).
Install Mechanism
No install spec and no code files — instruction-only packaging — so nothing is written to disk or fetched at install time. This is the lowest-risk install posture and is proportionate for a policy/routing skill.
Credentials
The skill requires no environment variables, credentials, or config paths. The requested scope (none) is appropriate for a policy-only router.
Persistence & Privilege
Flags show no forced always-on presence and model invocation is allowed (normal). The skill does not request elevated privileges or to modify other skills' configs. Its guidance explicitly limits autonomous risky operations.
Assessment
This skill is policy-level documentation for routing tasks to other skills and is internally consistent. Before enabling it: (1) confirm your agent enforces the SKILL.md guidance — especially explicit user approval before loading action-capable or newly downloaded skills; (2) test the router in a controlled environment to ensure it doesn’t get invoked indiscriminately for every user task; (3) verify there are no local/hidden extensions or separate packages that implement automation or logging not present in this published package (the changelog mentions heavier private extensions that are intentionally excluded from the public release). Otherwise the package is low-risk because it contains only routing rules and asks for no credentials or installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ewr9g1q71xz9vfm8vanpr2582v5vc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments