clawrouter
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation instructions point to an external plugin @blockrun/clawrouter. The @blockrun organization is not on the trusted sources list, making this an unverifiable dependency.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The installation and execution of an external plugin from an untrusted source constitutes a remote code execution risk.
- [PROMPT_INJECTION] (LOW): The skill processes user prompts to classify them into routing tiers, creating an indirect prompt injection surface. Evidence:
  1. Ingestion points: All user prompts are classified into tiers (SIMPLE, MEDIUM, etc.) in the router logic.
  2. Boundary markers: None present in documentation.
  3. Capability inventory: Routes requests to external LLM APIs (OpenAI, Anthropic, Google, etc.).
  4. Sanitization: No evidence of prompt sanitization prior to classification.
- [METADATA_POISONING] (MEDIUM): The documentation refers to non-existent models (e.g., gpt-5.2, claude-opus-4.5), which is deceptive metadata.
Audit Metadata