Smart Model Switcher

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (unicode-control-chars); human review is required before treating this skill as clean.

Install only if you are comfortable with your tasks being routed among the configured model providers. Keep API keys scoped and protected, set spending limits, and separately review any referenced PowerShell helper or monitoring scripts because they are not included in the reviewed package. ClawScan detected prompt-injection indicators (unicode-control-chars), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Provider keys could be used to make billable model calls if the skill or related scripts are run.

Why it was flagged

The skill asks users to provide multiple provider API keys. This is expected for a multi-provider model switcher, but it gives the skill’s workflow delegated access to paid provider accounts.

Skill content
Configure each provider's API key in `~/.openclaw/openclaw.json`: ... "apiKey": "sk-bailian-xxx" ... export BAILIAN_API_KEY="sk-bailian-xxx"
Recommendation

Use least-privilege or dedicated API keys where possible, set provider spending limits, and store keys only in protected config or environment locations.

What this means

Your prompts, documents, or task content may be processed by whichever external provider the switcher selects.

Why it was flagged

The skill is designed to send user tasks to one of several external model providers, including automatic fallback to alternate providers.

Skill content
Full platform support - Bailian (Qwen), MiniMax, GLM (Zhipu), Kimi (Moonshot AI) ... Smart Fallback - automatically downgrades when the primary model is unavailable
Recommendation

Confirm that each configured provider is acceptable for your data, and avoid sending sensitive content unless the provider’s privacy and retention terms are suitable.

What this means

If you obtain and run those scripts from another source, their behavior has not been assessed in this artifact review.

Why it was flagged

README references helper scripts, but the reviewed file manifest contains only LICENSE.txt, README.md, SKILL.md, and _meta.json, so those scripts were not available for review.

Skill content
└── scripts/
    ├── runtime-switch.ps1    # Runtime switching script
    └── auto-monitor.ps1      # Background monitoring service
Recommendation

Do not run external or missing helper scripts unless you review their contents and trust their source.

What this means

If installed from another source and started, a background service could continue using resources or provider credentials until stopped.

Why it was flagged

The documentation describes an optional background monitoring service. Start/stop/status controls are shown, and no included code demonstrates hidden autonomous behavior.

Skill content
Background monitoring service ... .\scripts\auto-monitor.ps1 -Start ... .\scripts\auto-monitor.ps1 -Stop ... .\scripts\auto-monitor.ps1 -Status
Recommendation

Only start the monitor if you understand what it does, verify how to stop it, and review any script implementation first.