dynamic-model-router 安全扫描报告 — 低风险 | ClawSafe

20 /100

dynamic-model-router

智能路由任务到最佳AI模型

Skill is a legitimate local AI model router with filesystem WRITE for config/learning storage, but SKILL.md does not declare these permissions. No malicious indicators detected.

技能名称dynamic-model-router

分析耗时46.1s

引擎pi

✓

可以安装

Update SKILL.md to declare filesystem:WRITE permission for config and learning data storage, as this is necessary for the skill's core functionality. Consider clarifying data retention policies.

安全发现 3 项

严重性	安全发现	位置
低危	Undeclared Filesystem WRITE Permission 文档欺骗 SKILL.md does not declare filesystem WRITE access, but the skill requires it for: config.json in ~/.openclaw/dynamic-router/, historical performance data, learning model data, and backups in .dynamic-router-storage/. This is a legitimate requirement for the skill's configuration persistence and learning features, but should be declared. `this.configPath = path.join(process.env.HOME \|\| process.env.USERPROFILE \|\| '.', '.openclaw');` → Add filesystem:WRITE to allowed-tools declaration in SKILL.md capabilities section	`src/utils/config.ts:36`
提示	Privacy Claim Not Fully Accurate 文档欺骗 SKILL.md claims '无数据外传：不向外部服务器发送用户数据' which is accurate (no network exfiltration found), but the claim '隐私安全：本地处理' could be misleading as it implies no persistent storage. The skill does store task routing decisions, performance metrics, and learning data locally. `隐私安全：本地处理，不泄露用户数据` → Clarify that local processing means no network data transmission, but local persistent storage is used for configuration and learning	`SKILL.md:1`
提示	Dependency Version Not Fully Pinned 供应链 package.json uses ^ for version ranges in dependencies (sqlite3, winston, debug), which could pull unexpected versions. However, these are well-known stable packages. `"sqlite3": "^5.1.6"` → Consider pinning exact versions for reproducible builds: sqlite3: "5.1.6"	`package.json:30`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✗ 越权	src/utils/config.ts:36 writes to ~/.openclaw/dynamic-router/
环境变量	`NONE`	`READ`	✓ 一致	src/storage/basic-storage.ts:62 reads NODE_ENV
网络访问	`NONE`	`NONE`	—	No external network calls detected
命令执行	`NONE`	`NONE`	—	openclaw-invoker.ts calls openclaw CLI only, not arbitrary shell

18 项发现

🔗

中危外部 URL 外部 URL

https://keepachangelog.com/zh-CN/1.0.0/

CHANGELOG.md:5

🔗

中危外部 URL 外部 URL

https://semver.org/lang/zh-CN/

CHANGELOG.md:6

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:3

🔗

中危外部 URL 外部 URL

https://opensource.org/licenses/MIT

README.md:3

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/OpenClaw-Skill-blue

README.md:4

🔗

中危外部 URL 外部 URL

https://clawhub.com

README.md:4

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/TypeScript-5.0-blue

README.md:5

🔗

中危外部 URL 外部 URL

https://www.typescriptlang.org/

README.md:5

🔗

中危外部 URL 外部 URL

https://openclaw.ai

README.md:329

🔗

中危外部 URL 外部 URL

https://docs.openclaw.ai

README.md:336

🔗

中危外部 URL 外部 URL

https://discord.com/invite/clawd

README.md:337

🔗

中危外部 URL 外部 URL

https://api.deepseek.com

src/index.ts:291

🔗

中危外部 URL 外部 URL

https://api.minimax.chat

src/index.ts:312

🔗

中危外部 URL 外部 URL

https://api.mistral.ai/v1

src/openclaw/provider-discovery.ts:333

🔗

中危外部 URL 外部 URL

https://api.cohere.ai

src/openclaw/provider-discovery.ts:334

🔗

中危外部 URL 外部 URL

https://api.minimax.chat/v1

src/openclaw/provider-discovery.ts:335

🔗

中危外部 URL 外部 URL

https://dashscope.aliyuncs.com/compatible-mode/v1

src/openclaw/provider-discovery.ts:336

🔗

中危外部 URL 外部 URL

https://api.baichuan-ai.com/v1

src/openclaw/provider-discovery.ts:337

目录结构

50 文件 · 421.2 KB · 15059 行

TypeScript 37f · 13493L Markdown 3f · 774L JavaScript 7f · 568L JSON 3f · 224L

├─ ▾ 📁 src

│ ├─ ▾ 📁 core

│ │ └─ 📜 types.ts TypeScript 179L · 3.4 KB

│ ├─ ▾ 📁 learning

│ │ └─ 📜 basic-learner.ts TypeScript 824L · 24.1 KB

│ ├─ ▾ 📁 openclaw

│ │ ├─ 📜 index.ts TypeScript 8L · 231 B

│ │ ├─ 📜 model-adapter.ts TypeScript 486L · 12.6 KB

│ │ ├─ 📜 openclaw-invoker.ts TypeScript 686L · 19.1 KB

│ │ ├─ 📜 provider-discovery.ts TypeScript 610L · 16.7 KB

│ │ ├─ 📜 status-monitor.ts TypeScript 733L · 19.9 KB

│ │ └─ 📜 types.ts TypeScript 162L · 2.9 KB

│ ├─ ▾ 📁 routing

│ │ ├─ 📜 decision-engine.ts TypeScript 1517L · 45.1 KB

│ │ ├─ 📜 performance-predictor.ts TypeScript 583L · 18.0 KB

│ │ ├─ 📜 task-analyzer.ts TypeScript 1380L · 41.1 KB

│ │ └─ 📜 types.ts TypeScript 443L · 8.8 KB

│ ├─ ▾ 📁 storage

│ │ └─ 📜 basic-storage.ts TypeScript 1228L · 35.4 KB

│ ├─ ▾ 📁 utils

│ │ ├─ 📜 config.ts TypeScript 413L · 11.1 KB

│ │ ├─ 📜 index.ts TypeScript 379L · 10.2 KB

│ │ └─ 📜 logger.ts TypeScript 265L · 6.4 KB

│ └─ 📜 index.ts TypeScript 668L · 17.8 KB

├─ ▾ 📁 tests

│ ├─ ▾ 📁 __mocks__

│ │ └─ 📜 basic-storage.ts TypeScript 73L · 2.2 KB

│ ├─ ▾ 📁 integration

│ │ ├─ 📜 decision-engine-integration.test.ts TypeScript 440L · 15.2 KB

│ │ ├─ 📜 modules-integration.test.ts TypeScript 656L · 19.5 KB

│ │ └─ 📜 storage-integration.test.ts TypeScript 442L · 13.9 KB

│ ├─ ▾ 📁 mocks

│ │ ├─ 📜 decision-engine-mock.d.ts TypeScript 83L · 2.4 KB

│ │ ├─ 📜 decision-engine-mock.js JavaScript 161L · 4.7 KB

│ │ ├─ 📜 decision-engine-mock.ts TypeScript 187L · 4.2 KB

│ │ ├─ 📜 storage-mock.d.ts TypeScript 18L · 717 B

│ │ ├─ 📜 storage-mock.js JavaScript 85L · 2.5 KB

│ │ └─ 📜 storage-mock.ts TypeScript 93L · 2.4 KB

│ ├─ 📜 import-test.test.ts TypeScript 29L · 945 B

│ ├─ 📜 minimal.test.ts TypeScript 34L · 1.0 KB

│ ├─ 📜 real-engine-simple.test.ts TypeScript 69L · 2.2 KB

│ ├─ 📜 simple-mock.test.ts TypeScript 76L · 2.1 KB

│ ├─ 📜 simple-test.test.ts TypeScript 57L · 1.7 KB

│ ├─ 📜 storage-config.test.ts TypeScript 54L · 1.7 KB

│ ├─ 📜 test-config.d.ts TypeScript 45L · 1.2 KB

│ ├─ 📜 test-config.js JavaScript 69L · 2.2 KB

│ ├─ 📜 test-config.ts TypeScript 78L · 2.1 KB

│ ├─ 📜 test-setup.d.ts TypeScript 13L · 264 B

│ ├─ 📜 test-setup.js JavaScript 50L · 1.3 KB

│ ├─ 📜 test-setup.ts TypeScript 70L · 1.4 KB

│ ├─ 📜 testmode-verification.test.ts TypeScript 57L · 1.8 KB

│ └─ 📜 utils.test.ts TypeScript 355L · 10.0 KB

├─ 📝 CHANGELOG.md Markdown 98L · 3.3 KB

├─ 📜 jest.config.js JavaScript 66L · 1.4 KB

├─ 📋 package.json JSON 64L · 1.6 KB

├─ 📝 README.md Markdown 340L · 8.4 KB

├─ 📋 skill.json JSON 128L · 3.4 KB

├─ 📝 SKILL.md Markdown 336L · 8.1 KB

├─ 📜 test-direct.js JavaScript 69L · 1.9 KB

├─ 📜 test-direct.mjs JavaScript 68L · 1.9 KB

└─ 📋 tsconfig.json JSON 32L · 741 B

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`sqlite3`	`^5.1.6`	npm	否	Version range not pinned
`winston`	`^3.11.0`	npm	否	Version range not pinned
`debug`	`^4.3.4`	npm	否	Version range not pinned

安全亮点

✓ No base64-encoded execution or obfuscated code patterns detected

✓ No eval() or Function() dynamic code execution found

✓ No credential harvesting (no iteration through process.env for API keys)

✓ No sensitive file access (~/.ssh, ~/.aws, .env files not accessed)

✓ No curl|bash or wget|sh remote script execution patterns

✓ No C2 communication or external IP network requests

✓ Learning engine stores data locally, not exfiltrating

✓ CLI invocation (openclaw-invoker.ts) only calls openclaw CLI, not arbitrary commands

✓ Good input validation on routing requests

✓ Proper error handling with RouterError class