ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Switch

v1.0.0

Manage multi-provider model switching and fallback chains in OpenClaw. "OpenClaw Switch" helps users set up automatic model failover (e.g. 429 rate-limit → f...

1· 454·1 current·1 all-time
by@2233admin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the script lists models, shows fallbacks, and sets the primary model by editing openclaw.json. No unrelated binaries or credentials are requested. The optional OPENCLAW_CONFIG env var is appropriate for locating the config file.
Instruction Scope
SKILL.md and the included script are narrowly scoped: they read and write the local OpenClaw config ($OPENCLAW_CONFIG or ~/.openclaw/openclaw.json), parse JSON with python3 stdlib, and display information. The only external action is an optional 'openclaw daemon restart' when the 'openclaw' binary exists; otherwise there are no network calls or reads of other system secrets.
Install Mechanism
There is no automated installer in the bundle (instruction-only plus a script). The README suggests cloning the repo and adding the local bin to PATH — this is standard. No downloads from untrusted URLs or archive extraction are present in the package itself.
Credentials
The skill declares no required env vars and only optionally respects OPENCLAW_CONFIG to locate the config file. It does not request API keys or other credentials. This is proportionate to the declared functionality.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does modify the user's openclaw.json (expected for a config-management tool) and may invoke 'openclaw daemon restart' if present. Users should be aware it writes to their OpenClaw config file — back up before running in production.
Assessment
This bundle appears to be what it claims: a local tool that reads and updates your ~/.openclaw/openclaw.json (or $OPENCLAW_CONFIG) to change the primary model and show fallbacks. Before installing or running: (1) back up your openclaw.json so you can restore it if needed; (2) review/verify the script (it’s short and readable) to confirm you’re comfortable with it writing your config and optionally restarting the OpenClaw daemon; (3) confirm any 'openclaw' executable on your system is trusted because the script will call it to restart the daemon if present. A minor note: the README's clone URL and the script header comment reference different GitHub paths—this is suspiciously sloppy but does not change the script's local-only behavior. If you need extra assurance, run the commands in a safe/non-production environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fv8jxxhdb3a6w4jrzesn5gx81pa14

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

OpenClaw Switch

The missing model manager for OpenClaw. Switch models, visualize fallback chains, and manage multi-provider setups.

Quick start

# Show current model, fallback chain, heartbeat & subagent config
bash {baseDir}/scripts/openclaw-switch.sh status

# List all available models across all providers
bash {baseDir}/scripts/openclaw-switch.sh list

# Switch primary model (by number from list)
bash {baseDir}/scripts/openclaw-switch.sh switch 2

# Show fallback chain only
bash {baseDir}/scripts/openclaw-switch.sh fallback

How it works

OpenClaw natively supports model.fallbacks — when the primary model returns an error (429, 500, etc.), the next model in the chain is tried automatically. OpenClaw Switch helps users configure, visualize, and toggle this chain.

Typical setup

Register multiple providers in openclaw.json, each with its own API key:

{
  "models": {
    "providers": {
      "provider-a": { "apiKey": "...", "models": [{ "id": "model-1" }] },
      "provider-b": { "apiKey": "...", "models": [{ "id": "model-2" }] }
    }
  },
  "agents": {
    "defaults": {
      "model": {
        "primary": "provider-a/model-1",
        "fallbacks": ["provider-b/model-2"]
      }
    }
  }
}

Use cases

  • Same provider, two API keys (e.g. paid + free Gemini) — register as separate providers
  • Cross-provider failover (e.g. Gemini → OpenAI → local Ollama)
  • Cost optimization — route heartbeat/subagents to cheaper or free models

Security

The bundled script:

  • Never transmits API keys or config data over the network
  • Never logs full API keys (masks all but first 8 chars)
  • Uses only bash + python3 stdlib — zero external dependencies
  • Source is < 150 lines — fully auditable in 2 minutes

Files

4 total
Select a file
Select a file to preview.

Comments

Loading comments…