Skill v1.0.0
ClawScan security
Openclaw Switch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 23, 2026, 10:31 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are consistent with its stated purpose: it only reads/modifies the local openclaw.json and optionally restarts the OpenClaw daemon; nothing in the bundle attempts network exfiltration or asks for unrelated credentials.
- Guidance: This bundle appears to be what it claims: a local tool that reads and updates your ~/.openclaw/openclaw.json (or $OPENCLAW_CONFIG) to change the primary model and show fallbacks. Before installing or running: (1) back up your openclaw.json so you can restore it if needed; (2) review/verify the script (it’s short and readable) to confirm you’re comfortable with it writing your config and optionally restarting the OpenClaw daemon; (3) confirm any 'openclaw' executable on your system is trusted because the script will call it to restart the daemon if present. A minor note: the README's clone URL and the script header comment reference different GitHub paths—this is suspiciously sloppy but does not change the script's local-only behavior. If you need extra assurance, run the commands in a safe/non-production environment first.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual behavior: the script lists models, shows fallbacks, and sets the primary model by editing openclaw.json. No unrelated binaries or credentials are requested. The optional OPENCLAW_CONFIG env var is appropriate for locating the config file.
- Instruction Scope (ok): SKILL.md and the included script are narrowly scoped: they read and write the local OpenClaw config ($OPENCLAW_CONFIG or ~/.openclaw/openclaw.json), parse JSON with python3 stdlib, and display information. The only external action is an optional 'openclaw daemon restart' when the 'openclaw' binary exists; otherwise there are no network calls or reads of other system secrets.
- Install Mechanism (ok): There is no automated installer in the bundle (instruction-only plus a script). The README suggests cloning the repo and adding the local bin to PATH — this is standard. No downloads from untrusted URLs or archive extraction are present in the package itself.
- Credentials (ok): The skill declares no required env vars and only optionally respects OPENCLAW_CONFIG to locate the config file. It does not request API keys or other credentials. This is proportionate to the declared functionality.
- Persistence & Privilege (note): The skill is not always-enabled and is user-invocable. It does modify the user's openclaw.json (expected for a config-management tool) and may invoke 'openclaw daemon restart' if present. Users should be aware it writes to their OpenClaw config file, so back it up before running in production.
