clawrouter
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation instructs users to install an external plugin (@blockrun/clawrouter) using the openclaw plugin manager from an unverified registry (clawhub.ai). This resource is not associated with the skill author's known namespace (aaaaqwq).
- [NO_CODE]: No executable scripts or source code are present in the provided skill files; the functionality is entirely reliant on the external plugin mentioned in the installation instructions.
- [PROMPT_INJECTION]: The skill routes user requests into four classification tiers (SIMPLE, MEDIUM, COMPLEX, REASONING). This processing of untrusted data creates a surface for indirect prompt injection where malicious instructions could attempt to influence the routing logic or classifier outcome.
- Ingestion points: User prompts and requests intended for routing (SKILL.md).
- Boundary markers: No delimiters or isolation instructions are provided to distinguish user content from instructions.
- Capability inventory: The skill logic performs request tiering, while the external plugin provides the primary execution capabilities (SKILL.md).
- Sanitization: No sanitization, validation, or filtering of user input is described for the classification workflow.
Audit Metadata