model-router
Warn
Audited by Socket on Feb 25, 2026
1 alert found:
Security (MEDIUM): SKILL.md
No evidence of explicit malicious code in the provided documentation; the primary risks are operational and supply-chain: plaintext local credential storage, unpinned dependencies, and integration with an external CLI (sessions_spawn) that could forward credentials or data. Treat the package as functionally correct for routing tasks but requiring hardening before production use. Review the implementation of setup-wizard and the scripts that read .api-keys, ensure secrets are stored in a proper secret manager or encrypted at the application level, pin dependencies, and audit any external integrations to confirm they do not exfiltrate secrets.
Confidence: 98%
Severity: 75%
Audit Metadata