dynamic-model-router Security Report — Low Risk | ClawSafe

20 /100

dynamic-model-router

智能路由任务到最佳AI模型

Skill is a legitimate local AI model router with filesystem WRITE for config/learning storage, but SKILL.md does not declare these permissions. No malicious indicators detected.

Skill Namedynamic-model-router

Duration46.1s

Enginepi

✓

Safe to install

Update SKILL.md to declare filesystem:WRITE permission for config and learning data storage, as this is necessary for the skill's core functionality. Consider clarifying data retention policies.

Findings 3 items

Severity	Finding	Location
Low	Undeclared Filesystem WRITE Permission Doc Mismatch SKILL.md does not declare filesystem WRITE access, but the skill requires it for: config.json in ~/.openclaw/dynamic-router/, historical performance data, learning model data, and backups in .dynamic-router-storage/. This is a legitimate requirement for the skill's configuration persistence and learning features, but should be declared. `this.configPath = path.join(process.env.HOME \|\| process.env.USERPROFILE \|\| '.', '.openclaw');` → Add filesystem:WRITE to allowed-tools declaration in SKILL.md capabilities section	`src/utils/config.ts:36`
Info	Privacy Claim Not Fully Accurate Doc Mismatch SKILL.md claims '无数据外传：不向外部服务器发送用户数据' which is accurate (no network exfiltration found), but the claim '隐私安全：本地处理' could be misleading as it implies no persistent storage. The skill does store task routing decisions, performance metrics, and learning data locally. `隐私安全：本地处理，不泄露用户数据` → Clarify that local processing means no network data transmission, but local persistent storage is used for configuration and learning	`SKILL.md:1`
Info	Dependency Version Not Fully Pinned Supply Chain package.json uses ^ for version ranges in dependencies (sqlite3, winston, debug), which could pull unexpected versions. However, these are well-known stable packages. `"sqlite3": "^5.1.6"` → Consider pinning exact versions for reproducible builds: sqlite3: "5.1.6"	`package.json:30`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`WRITE`	✗ Violation	src/utils/config.ts:36 writes to ~/.openclaw/dynamic-router/
Environment	`NONE`	`READ`	✓ Aligned	src/storage/basic-storage.ts:62 reads NODE_ENV
Network	`NONE`	`NONE`	—	No external network calls detected
Shell	`NONE`	`NONE`	—	openclaw-invoker.ts calls openclaw CLI only, not arbitrary shell

18 findings

🔗

Medium External URL 外部 URL

https://keepachangelog.com/zh-CN/1.0.0/

CHANGELOG.md:5

🔗

Medium External URL 外部 URL

https://semver.org/lang/zh-CN/

CHANGELOG.md:6

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:3

🔗

Medium External URL 外部 URL

https://opensource.org/licenses/MIT

README.md:3

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

README.md:4

🔗

Medium External URL 外部 URL

https://clawhub.com

README.md:4

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/TypeScript-5.0-blue

README.md:5

🔗

Medium External URL 外部 URL

https://www.typescriptlang.org/

README.md:5

🔗

Medium External URL 外部 URL

https://openclaw.ai

README.md:329

🔗

Medium External URL 外部 URL

https://docs.openclaw.ai

README.md:336

🔗

Medium External URL 外部 URL

https://discord.com/invite/clawd

README.md:337

🔗

Medium External URL 外部 URL

https://api.deepseek.com

src/index.ts:291

🔗

Medium External URL 外部 URL

https://api.minimax.chat

src/index.ts:312

🔗

Medium External URL 外部 URL

https://api.mistral.ai/v1

src/openclaw/provider-discovery.ts:333

🔗

Medium External URL 外部 URL

https://api.cohere.ai

src/openclaw/provider-discovery.ts:334

🔗

Medium External URL 外部 URL

https://api.minimax.chat/v1

src/openclaw/provider-discovery.ts:335

🔗

Medium External URL 外部 URL

https://dashscope.aliyuncs.com/compatible-mode/v1

src/openclaw/provider-discovery.ts:336

🔗

Medium External URL 外部 URL

https://api.baichuan-ai.com/v1

src/openclaw/provider-discovery.ts:337

File Tree

50 files · 421.2 KB · 15059 lines

TypeScript 37f · 13493L Markdown 3f · 774L JavaScript 7f · 568L JSON 3f · 224L

├─ ▾ 📁 src

│ ├─ ▾ 📁 core

│ │ └─ 📜 types.ts TypeScript 179L · 3.4 KB

│ ├─ ▾ 📁 learning

│ │ └─ 📜 basic-learner.ts TypeScript 824L · 24.1 KB

│ ├─ ▾ 📁 openclaw

│ │ ├─ 📜 index.ts TypeScript 8L · 231 B

│ │ ├─ 📜 model-adapter.ts TypeScript 486L · 12.6 KB

│ │ ├─ 📜 openclaw-invoker.ts TypeScript 686L · 19.1 KB

│ │ ├─ 📜 provider-discovery.ts TypeScript 610L · 16.7 KB

│ │ ├─ 📜 status-monitor.ts TypeScript 733L · 19.9 KB

│ │ └─ 📜 types.ts TypeScript 162L · 2.9 KB

│ ├─ ▾ 📁 routing

│ │ ├─ 📜 decision-engine.ts TypeScript 1517L · 45.1 KB

│ │ ├─ 📜 performance-predictor.ts TypeScript 583L · 18.0 KB

│ │ ├─ 📜 task-analyzer.ts TypeScript 1380L · 41.1 KB

│ │ └─ 📜 types.ts TypeScript 443L · 8.8 KB

│ ├─ ▾ 📁 storage

│ │ └─ 📜 basic-storage.ts TypeScript 1228L · 35.4 KB

│ ├─ ▾ 📁 utils

│ │ ├─ 📜 config.ts TypeScript 413L · 11.1 KB

│ │ ├─ 📜 index.ts TypeScript 379L · 10.2 KB

│ │ └─ 📜 logger.ts TypeScript 265L · 6.4 KB

│ └─ 📜 index.ts TypeScript 668L · 17.8 KB

├─ ▾ 📁 tests

│ ├─ ▾ 📁 __mocks__

│ │ └─ 📜 basic-storage.ts TypeScript 73L · 2.2 KB

│ ├─ ▾ 📁 integration

│ │ ├─ 📜 decision-engine-integration.test.ts TypeScript 440L · 15.2 KB

│ │ ├─ 📜 modules-integration.test.ts TypeScript 656L · 19.5 KB

│ │ └─ 📜 storage-integration.test.ts TypeScript 442L · 13.9 KB

│ ├─ ▾ 📁 mocks

│ │ ├─ 📜 decision-engine-mock.d.ts TypeScript 83L · 2.4 KB

│ │ ├─ 📜 decision-engine-mock.js JavaScript 161L · 4.7 KB

│ │ ├─ 📜 decision-engine-mock.ts TypeScript 187L · 4.2 KB

│ │ ├─ 📜 storage-mock.d.ts TypeScript 18L · 717 B

│ │ ├─ 📜 storage-mock.js JavaScript 85L · 2.5 KB

│ │ └─ 📜 storage-mock.ts TypeScript 93L · 2.4 KB

│ ├─ 📜 import-test.test.ts TypeScript 29L · 945 B

│ ├─ 📜 minimal.test.ts TypeScript 34L · 1.0 KB

│ ├─ 📜 real-engine-simple.test.ts TypeScript 69L · 2.2 KB

│ ├─ 📜 simple-mock.test.ts TypeScript 76L · 2.1 KB

│ ├─ 📜 simple-test.test.ts TypeScript 57L · 1.7 KB

│ ├─ 📜 storage-config.test.ts TypeScript 54L · 1.7 KB

│ ├─ 📜 test-config.d.ts TypeScript 45L · 1.2 KB

│ ├─ 📜 test-config.js JavaScript 69L · 2.2 KB

│ ├─ 📜 test-config.ts TypeScript 78L · 2.1 KB

│ ├─ 📜 test-setup.d.ts TypeScript 13L · 264 B

│ ├─ 📜 test-setup.js JavaScript 50L · 1.3 KB

│ ├─ 📜 test-setup.ts TypeScript 70L · 1.4 KB

│ ├─ 📜 testmode-verification.test.ts TypeScript 57L · 1.8 KB

│ └─ 📜 utils.test.ts TypeScript 355L · 10.0 KB

├─ 📝 CHANGELOG.md Markdown 98L · 3.3 KB

├─ 📜 jest.config.js JavaScript 66L · 1.4 KB

├─ 📋 package.json JSON 64L · 1.6 KB

├─ 📝 README.md Markdown 340L · 8.4 KB

├─ 📋 skill.json JSON 128L · 3.4 KB

├─ 📝 SKILL.md Markdown 336L · 8.1 KB

├─ 📜 test-direct.js JavaScript 69L · 1.9 KB

├─ 📜 test-direct.mjs JavaScript 68L · 1.9 KB

└─ 📋 tsconfig.json JSON 32L · 741 B

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`sqlite3`	`^5.1.6`	npm	No	Version range not pinned
`winston`	`^3.11.0`	npm	No	Version range not pinned
`debug`	`^4.3.4`	npm	No	Version range not pinned

Security Positives

✓ No base64-encoded execution or obfuscated code patterns detected

✓ No eval() or Function() dynamic code execution found

✓ No credential harvesting (no iteration through process.env for API keys)

✓ No sensitive file access (~/.ssh, ~/.aws, .env files not accessed)

✓ No curl|bash or wget|sh remote script execution patterns

✓ No C2 communication or external IP network requests

✓ Learning engine stores data locally, not exfiltrating

✓ CLI invocation (openclaw-invoker.ts) only calls openclaw CLI, not arbitrary commands

✓ Good input validation on routing requests

✓ Proper error handling with RouterError class

Scan Report

Findings 3 items

File Tree

Dependencies 3 items

Security Positives