Smart Model Switcher Pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed model-routing helper with overstated helper-script claims, but no evidence of hidden access, credential use, persistence, exfiltration, or destructive behavior.

Install only if you want broad automatic model-routing guidance to influence normal chats and subagent work. Verify the chosen model before sensitive or high-cost tasks, and do not rely on the included monitor script as an actual background service unless you independently confirm it works in your OpenClaw setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script presents itself as a background monitoring and automatic model-switching service, but the implementation only writes log messages and prints status text. In an agent skill context, this is dangerous because operators may rely on nonexistent runtime controls, monitoring, or failover behavior and make security or availability decisions based on false assurances.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The usage text advertises capabilities including zero-latency switching, auto model discovery, advanced fallback logic, and performance logging that are not implemented by the code. In a skill package, misleading operational claims can cause users to trust the component for resilience or security-sensitive routing when it provides only cosmetic output and basic logging.

Vague Triggers

Medium
Confidence: 91%
Finding
The skill defines very broad routing categories such as '日常对话' ("daily conversation") and includes a catch-all default path, which makes model switching apply to a wide range of conversations without explicit user intent or clear boundaries. In an agent skill, underspecified activation/switch conditions can cause silent behavior changes, unexpected handling of sensitive content, and reduced predictability across contexts.

Vague Triggers

Medium
Confidence: 93%
Finding
The pseudo-logic states that all sessions, including sub-agents, switch models on multimodal detection and otherwise follow broad default behavior, but it does not define scope constraints, exclusions, or safety checks. That creates an overly powerful global rule that can unexpectedly alter execution paths for unrelated tasks and increase the chance of mishandling privileged or sensitive agent workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
