Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw intent router
v1.0.0
Intelligently routes natural language user intents to the best matching registered agent skill using keyword and semantic matching with confidence scores.
by Justin Liu @zhenstaff
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (intent router) align with the instructions and examples (Node package that registers/routes skills). However, the SKILL.md requires Node.js/npm while the skill package in the registry is instruction-only with no code. This is plausible (a documentation-only skill) but inconsistent with expectations that a skill in the registry might provide its own implementation or a homepage/source.
Instruction Scope
SKILL.md stays on-topic (matching/routing, examples of registerSkill/route). It does instruct users to install an external npm package and clone a GitHub repo; it does not direct the agent to read unrelated system files or request secrets. Still, the document references optional semantic embeddings without explaining whether those call external APIs (a potential scope creep if implemented that way).
Install Mechanism
There is no install spec in the registry (lowest-risk), but the SKILL.md tells users to run `npm install` or `git clone` to obtain the package. Installing third-party npm packages or cloning repos can introduce code from external sources — verify package publisher and inspect code before running. The suggested sources (npm/GitHub) are typical but the registry entry does not include or link to the code, creating an audit gap.
Credentials
No environment variables, credentials, or config paths are requested by the registry. The SKILL.md also asserts ‘no external API keys’ and ‘runs locally’. That claim is plausible for keyword-only routing; semantic embeddings mentioned could require additional resources if implemented with external services, but no secrets are requested here.
Persistence & Privilege
Skill flags: always=false, user-invocable=true, normal autonomous invocation allowed. The skill does not request persistent system-wide privileges or modify other skills. No concerns on privilege from the metadata.
What to consider before installing
This registry entry is an instruction-only README for an npm package, not the package code itself. Before installing or running anything: 1) verify the npm package and GitHub repo URLs in the SKILL.md actually exist and are owned by the expected maintainer; 2) inspect the package source (or review the repo) for unexpected network calls, telemetry, or credential usage; 3) run `npm audit` and prefer installing into an isolated environment (container/VM) rather than globally; 4) if you plan to use semantic embeddings, confirm whether the implementation uses local models or calls external embedding APIs (which would require credentials and change the risk profile). The current entry is not clearly malicious but the mismatch (registry has no source/homepage while SKILL.md points to external code) is a reason to verify before proceeding.
Like a lobster shell, security has layers — review code before you run it.
