ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Model Switcher Pro

v6.0.0

智能模型自动切换 Pro V6.0.0(类 Trae 模式)- 多模态感知,自动识别图片/视频/音频/代码/文本任务,切换到最适合的模型。支持图片理解 (qwen3-vl-plus)、视频音频 (qwen3.5-plus)、代码 (glm-5)、Office 文档 (MiniMax-M2.5)、推理等场景。零感知...

0· 78·0 current·0 all-time
by@davidme6·duplicate of @davidme6/smart-model-switcher-v2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (automatic multi-modal model switching) align with the SKILL.md and the included runtime scripts, which implement task detection and model mapping. However, the scripts reference a user config path ($env:USERPROFILE\.openclaw\openclaw.json) and operate on 'all sessions (main window + sub-agents)', which is broader than the declared registry metadata (which lists no required config paths or special permissions). The implicit expectation that the skill can inspect/affect global agent settings is not declared.
!
Instruction Scope
SKILL.md instructs the agent to perform automatic switching for main window and sub-agents and includes code-like logic for 'all sessions'. The included scripts (PowerShell-formatted .txt files) perform monitoring, write logs to the user's .openclaw directory, and provide a runtime-switch utility that reads a ConfigPath defaulting to the user's OpenClaw config. The skill does not explicitly declare reading/writing those paths or limits on changing other agents' models. That scope (affecting sub-agents and system-wide switching) is broad and not transparently authorized.
Install Mechanism
There is no install spec and no code files to be compiled or remote archives to download; the skill is instruction-only. This reduces supply-chain risk. Note: the package includes plaintext script files that, if executed by the user/agent, would create/append logs and could be run as a background monitor — but nothing is auto-installed by the registry metadata.
Credentials
The skill declares no required environment variables or credentials (good). Still, the scripts reference the user's HOME-like environment ($env:USERPROFILE) and an OpenClaw config path. Those accesses are plausible for a model-switcher but were not declared as required config paths in the metadata. There are no requests for API keys or secrets — which is appropriate — but the implicit file access should be disclosed.
Persistence & Privilege
The skill is not marked always:true and does not request autonomous installation. The SKILL.md describes running an 'auto monitor' background service and provides scripts to start/stop/status that would persist logs under the user's .openclaw directory if executed. Because there's no install spec, persistence only occurs if the agent/user runs those scripts; nevertheless, the skill's instructions encourage running a background monitor that affects model selection across sessions.
What to consider before installing
This skill is coherent with its stated purpose (automatic multi-modal model switching), but it implicitly expects the ability to affect 'all sessions' and sub-agents and references a user OpenClaw config/log directory that it did not declare as required. If you consider installing: - Only run the provided scripts after manually inspecting them. They are plain-text PowerShell scripts that will write logs to $env:USERPROFILE\.openclaw and could be executed as a background monitor if you run them. - Be cautious about giving this skill or any agent permission to change models for sub-agents or global sessions; ensure you understand and consent to that scope. - If you need to test, run the scripts in a sandboxed environment or a test account first and back up your OpenClaw config (openclaw.json). - Ask the author for explicit documentation about what data (config files) the skill reads/writes and for a signed/verified homepage or source. Given the missing declaration of config access and the broad instruction to change sub-agent models, treat this skill as suspicious until you confirm the exact scope and permissions.

Like a lobster shell, security has layers — review code before you run it.

latestvk9791cf24v1e0gxkd23edgtcb9845649

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments