Ai Model Router

Security checks across malware telemetry and agentic risk

Overview

This is a local model-routing helper whose behaviour is disclosed in its manifest; the privacy caveats are manageable and concern the optional local storage of conversation history.

Install only if you are comfortable with heuristic local/cloud routing recommendations and optional local prompt-history storage. For sensitive work, force the local/primary model and, if context tracking is enabled, periodically review or delete ~/.model-router/contexts.json.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The manifest description defines broad, ambiguous trigger conditions such as generic requests to "switch model," configuration requests, and mentions of sensitive data, which can cause the skill to activate in many contexts beyond explicit user intent. In an agent system, overbroad invocation increases the chance that routing logic handles prompts or sensitive content unexpectedly, potentially changing model selection or privacy behavior without clear authorization.

Missing User Warnings

Medium
Confidence: 89%
Finding
This code persists conversation content to a local JSON file without any indication in this module of user notice, consent, retention limits, or access controls. Even though messages are truncated to 200 characters, they may still contain sensitive prompts, secrets, or personal data, and storing them on disk increases the risk of unintended disclosure through local compromise, backups, logs, or multi-user environments.

Missing User Warnings

Medium
Confidence: 86%
Finding
The router stores raw conversation content via `record_message()` whenever the optional context module is enabled, but this file provides no notice, consent mechanism, minimization, or redaction before persistence. Because this component explicitly handles privacy-sensitive routing decisions and may receive secrets or personal data in prompts, silent retention increases the risk of unintended disclosure, over-retention, or later compromise of stored prompt data.
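The two findings above describe what the scanner saw in the storage code; they do not say what actually ends up in the file. As an added example (not code from the skill or from the scanner), the following Python script performs the review the Overview recommends: it walks ~/.model-router/contexts.json, flags string values that look like credentials, and either rewrites the file with those values redacted or deletes it. The file's JSON schema is not documented on this page, so the walker inspects every string regardless of structure; the secret patterns, the `review_file`/`redact` names and the sample record are assumptions made for this example.

```python
"""Audit helper for a locally persisted prompt-history file.

Added example, not part of the skill or the scanner. The page says the
skill may persist truncated conversation content to
~/.model-router/contexts.json when context tracking is enabled and
recommends reviewing or deleting that file. The JSON schema is not
documented on the page, so every string value is inspected regardless of
structure. The secret patterns and the sample record are constructed.
"""
import json
import os
import re
from pathlib import Path

CONTEXTS_PATH = Path("~/.model-router/contexts.json").expanduser()

# Common credential formats. Conservative by design: a hit is a reason to
# look at the entry, not proof that a secret leaked.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._\-]{20,}", re.I),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"]?[^\s'\"]{8,}",
        re.I,
    ),
}


def iter_strings(node, path="$"):
    """Yield (json_path, value) for every string in a JSON tree."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")


def scan_contexts(data):
    """Return (json_path, pattern_name, matched_text) for every hit."""
    hits = []
    for path, text in iter_strings(data):
        for name, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(text):
                hits.append((path, name, match.group(0)))
    return hits


def redact(text):
    """Replace anything matching a secret pattern with a placeholder."""
    for name, pattern in SECRET_PATTERNS.items():
        text = pattern.sub(f"[REDACTED:{name}]", text)
    return text


def redact_tree(node):
    """Return a copy of the JSON tree with every string value redacted."""
    if isinstance(node, str):
        return redact(node)
    if isinstance(node, dict):
        return {key: redact_tree(value) for key, value in node.items()}
    if isinstance(node, list):
        return [redact_tree(value) for value in node]
    return node


def review_file(path=CONTEXTS_PATH, purge=False):
    """Scan the on-disk history. purge=True deletes the file; otherwise a
    file containing hits is rewritten redacted and made owner-readable only.
    Returns the hits found before any rewrite."""
    if not path.exists():
        return []
    with open(path, encoding="utf-8") as handle:
        data = json.load(handle)
    hits = scan_contexts(data)
    if purge:
        os.remove(path)
    elif hits:
        with open(path, "w", encoding="utf-8") as handle:
            json.dump(redact_tree(data), handle, indent=2)
        os.chmod(path, 0o600)
    return hits


# Constructed sample record; the real file layout is not documented.
SAMPLE_CONTEXTS = {
    "conversations": [
        {"id": "c1", "messages": [
            {"role": "user",
             "content": "Switch to the cloud model and use AKIAIOSFODNN7EXAMPLE for S3"},
            {"role": "assistant", "content": "Routing to cloud model."},
        ]},
        {"id": "c2", "messages": [
            {"role": "user",
             "content": "api_key=sk-live-0123456789abcdef please configure"},
        ]},
    ]
}

if __name__ == "__main__":
    for hit in scan_contexts(SAMPLE_CONTEXTS):
        print("sample:", *hit)
    for hit in review_file():
        print("on disk:", *hit)
```

Run it before sharing a machine image or a backup; `review_file(purge=True)` is the deletion the Overview recommends. The `redact` function also illustrates the minimization step both findings say is absent: applied to a message before it is persisted, it would keep the router's context while dropping the credential.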

VirusTotal

66/66 vendors reported this skill as clean.