Which LLM? Deterministic model selection for agents
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted wallet access, an agent could participate in irreversible USDC payment flows unless the host enforces explicit approval and spending limits.
The skill requires a high-sensitivity crypto wallet credential for paid requests, while also acknowledging that per-request approval enforcement depends on the host runtime rather than being guaranteed by the skill.
"primary_credential": "WALLET_CREDENTIALS" ... "sensitivity": "high" ... "host_enforcement_guarantee": "external_or_unknown"
Use only a host-managed payment flow with per-request confirmation, a low-balance wallet, spending caps, and independent verification of amount, chain, and recipient before any transaction.
A user relying on registry metadata alone might not realize the skill needs wallet-backed payment authority.
The supplied registry metadata says no primary credential is required, but the skill file itself says wallet credentials are required. The skill discloses the wallet need, but the metadata mismatch could mislead users or automated installers.
metadata: "Primary credential: none"; SKILL.md: "credentials_required: true" and "primary_credential: WALLET_CREDENTIALS"
Treat the skill as requiring high-sensitivity wallet access despite the registry metadata. The publisher should align the registry credential declaration with the skill files.
Task descriptions, model choices, cost, latency, quality scores, and success/failure information may be shared with api.which-llm.com.
The skill sends task goals, constraints, and outcome metrics to an external provider. This is expected for the service, but users should understand what information leaves their environment.
"Sends requests to the Which‑LLM API" and "Use this after running the recommended model. Report what actually happened so the system can issue a credit token"
Send only the minimum task metadata needed for model selection and avoid including confidential prompt contents unless you are comfortable sharing them with the provider.
