openclaw intent router

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent local intent-routing skill, with the main cautions being that it can dispatch to registered handlers and its documentation points users to external npm/GitHub installs.

This skill appears benign from the supplied artifacts. Before installing, verify the referenced npm package or GitHub repository, and if you use the router with powerful skills, require confirmation for sensitive actions rather than letting confidence-based routing execute them automatically.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If connected to powerful skills, an incorrect match could send a request to the wrong handler.

Why it was flagged

The skill is designed to select and route execution to registered handlers based on natural-language intent. This is the core purpose, but misrouting could matter if registered handlers perform sensitive or irreversible actions.

Skill content

Routes execution to the best-fit skill handler

Recommendation

Use confidence thresholds, fallbacks, and explicit confirmation for handlers that send messages, modify data, spend money, publish content, or affect accounts.

What this means

Installing the referenced package would run code obtained outside the reviewed skill bundle.

Why it was flagged

The reviewed bundle is instruction-only, but its documentation directs users to install an external npm package or clone a GitHub repository. This is purpose-aligned and user-directed, but the external package code is not included in the supplied artifacts.

Skill content

npm install openclaw-intent-router

Recommendation

Verify the npm package and GitHub repository, inspect package contents where possible, and prefer pinned versions before installing or using the CLI globally.