Model Guard
v1.0.0Monitors Anti-Gravity model quotas and automatically switches to the model with highest quota or falls back to gemini-flash if all are below 20%.
⭐ 2· 1.3k·5 current·8 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md and guard.js implement a coherent feature: query 'openclaw models status' and switch models via 'openclaw models set'. However the skill's declared requirements list no required binaries even though the script depends on the 'openclaw' CLI being present on PATH. The skill also has no human-friendly description or provenance information (homepage/source unknown), which reduces trust.
Instruction Scope
Runtime instructions and the script stay within the stated purpose: they only call the local 'openclaw' CLI, parse status output, and may call 'openclaw models set'. The script does not contact external network endpoints, read arbitrary filesystem locations, or access environment variables. It directs no data off-host.
Install Mechanism
No install spec is provided (instruction-only + included script). Nothing is downloaded or written by an installer. The package exposes a CLI via package.json, which is expected for this type of tool.
Credentials
The skill requests no environment variables or credentials and the code does not reference secrets or external tokens. This is proportionate to the stated task.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (default), and when executed it will change the agent/system default model via 'openclaw models set'—a legitimate but impactful action. Consider whether autonomous runs should be allowed or limited by scheduling/auditing.
What to consider before installing
Before installing: (1) confirm you have the 'openclaw' CLI on PATH and test 'openclaw models status' and 'openclaw models set' manually; the package metadata currently omits this required binary. (2) Review the CANDIDATES and FALLBACK_MODEL strings in guard.js to ensure they are models you trust and that switching to them is acceptable. (3) Because the script runs shell commands, prefer running it in a controlled environment and/or review logs/audit for automatic runs; you may restrict autonomous invocation or run it on a cron job you control. (4) Consider hardening the script (use execFile/spawn with args or validate model names strictly) to reduce shell-injection risk if you ever change candidate sources. (5) If provenance matters, seek a published source/homepage or contact the owner before trusting this skill in production.Like a lobster shell, security has layers — review code before you run it.
latest
Model Guard
Automatically monitors Anti-Gravity model quotas and switches the default model to the one with the highest remaining quota. If all Anti-Gravity models are below 20%, it falls back to the native gemini-flash model.
Usage
- Manual trigger:
model-guard - Auto trigger: Designed to be run via
cronorheartbeat.
Configuration
Edit guard.js to change the THRESHOLD (default 20%) or FALLBACK_MODEL.
Comments
Loading comments...