llmfit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: llmfit Version: 0.2.2 The skill bundle is benign. It serves as a wrapper for the `llmfit` command-line tool, providing instructions for its installation via `brew` or `cargo`, execution to gather system hardware information and model recommendations, and subsequent configuration of the OpenClaw agent's `openclaw.json` with the chosen local LLM. All actions, including external binary execution and configuration file modification, are transparently documented in `SKILL.md` and directly align with the stated purpose of recommending and configuring local LLMs based on hardware capabilities. There is no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection designed to subvert the agent for malicious purposes.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require trusting an external command-line package that will run locally on your machine.
The skill relies on installing an external llmfit binary, while the artifact set contains only SKILL.md and no reviewed implementation code. This is purpose-aligned for a CLI-backed advisor, but it leaves package provenance to the install source.
brew | formula: AlexsJones/llmfit | creates binaries: llmfit; node | creates binaries: llmfit
Review the llmfit package source and install source before installing, and use the official package channel if available.
The tool will execute a local binary to read hardware information such as CPU, RAM, GPU, and VRAM.
The skill instructs the agent to run the llmfit CLI to detect local hardware. This command execution is central to the stated purpose and uses fixed, narrow commands rather than arbitrary shell input.
llmfit --json system
Only install and run llmfit if you are comfortable allowing it to inspect local hardware specifications.
If applied, the recommendation could change which local model OpenClaw uses by default in later sessions.
The skill provides instructions for changing OpenClaw model-provider configuration and optionally the default model. This is aligned with the model-advisor purpose, but configuration changes can affect future agent behavior.
Then update `openclaw.json`... And optionally set as default
Confirm the chosen model and provider before allowing edits to OpenClaw configuration, especially default model settings.