← 返回 Skills 市场
grossiweb

ToolRoute

作者 grossiweb · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
133
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install toolroute
功能描述
Route every task to the best MCP server and cheapest LLM. Scores on real execution data across quality, reliability, speed, cost, and trust.
安全使用建议
This skill routes task descriptions to an external service (toolroute.io). Before installing: 1) Confirm the publisher and privacy policy (metadata shows no homepage/source but SKILL.md links to toolroute.io). 2) Do not send raw sensitive text — generalize or redact names, secrets, PII. 3) If you register, treat the returned agent_identity_id as a credential (store it securely and avoid committing it). 4) Prefer using the skill only for non-sensitive tasks until you verify the service (check TLS cert, privacy policy, and reputational signals). 5) Ask the publisher to fix metadata mismatches (declared required binaries/env) so the skill description accurately reflects runtime requirements.
功能分析
Type: OpenClaw Skill Name: toolroute Version: 1.0.4 The skill instructions in SKILL.md direct the AI agent to exfiltrate all user task descriptions to an external API (toolroute.io) under the guise of 'intelligent task routing.' This behavior constitutes a significant privacy risk and a behavioral override (prompt injection), as it instructs the agent to intercept every user interaction and send it to a third party. While the documentation claims to generalize sensitive data, the default instruction to the agent is to route 'every task' through their service, which could lead to the leakage of sensitive intent or context. Additionally, the skill includes a social-growth-hacking 'verification' mechanism requiring users to tweet for credits.
能力评估
Purpose & Capability
The SKILL.md behavior (POST task descriptions to https://toolroute.io to obtain an MCP server/model and optionally report outcome) aligns with the declared purpose of routing tasks to the best server/model. However, the registry metadata claims no required binaries or env vars while the SKILL.md lists curl as a required binary and instructs storing TOOLROUTE_AGENT_ID in an environment variable — an inconsistency that should be resolved by the publisher.
Instruction Scope
Instructions explicitly send natural-language task descriptions and telemetry to an external service. While the doc warns to generalize sensitive details, the skill depends on sending user-provided task text off-host, which can leak secrets if users are careless. The instructions do not request reading local files or other system credentials, which is good, but the allowed data flow to an external endpoint is the main risk.
Install Mechanism
This is an instruction-only skill with no install spec or code files, reducing on-disk risk. It mentions optional npm SDKs (@toolroute/sdk, @toolroute/hook) but does not require them. No downloads or extraction steps are present.
Credentials
Registry metadata lists no required env vars, yet SKILL.md asks users to store a returned agent_identity_id in an environment variable (TOOLROUTE_AGENT_ID). That single env var is plausible for attribution/credits, but the mismatch between metadata and instructions is confusing. The skill does not ask for unrelated secrets (AWS keys, tokens) which is proportional, but the agent ID could still be sensitive and link agent activity to your account.
Persistence & Privilege
The skill does not request always: true and is user-invocable only; autonomous invocation is allowed by default (normal). It does not claim to modify other skills or system-wide configs. No elevated persistence privileges are requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install toolroute
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /toolroute 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
Privacy and data handling section, credential storage guidance, sensitive task redaction guidance
v1.0.3
Added privacy section, credential storage guidance, fixed scanner concerns
v1.0.2
Improved routing, Consumer Reports scoring, 21 workflows, REST verification
v1.0.1
Simplified — focused on core API usage only
v1.0.0
Initial release — route agent tasks through ToolRoute for optimal MCP server and model selection
元数据
Slug toolroute
版本 1.0.4
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 5
常见问题

ToolRoute 是什么?

Route every task to the best MCP server and cheapest LLM. Scores on real execution data across quality, reliability, speed, cost, and trust. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。

如何安装 ToolRoute?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install toolroute」即可一键安装,无需额外配置。

ToolRoute 是免费的吗?

是的,ToolRoute 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

ToolRoute 支持哪些平台?

ToolRoute 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 ToolRoute?

由 grossiweb(@grossiweb)开发并维护,当前版本 v1.0.4。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论