Skill v6.0.0

ClawScan security

Smart Model Switcher Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 3, 2026, 4:10 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (automatic model switching) matches its instructions, but the runtime instructions and included scripts imply global/sub-agent model changes and implicit access to a user's OpenClaw config/log paths without declaring them — proceed with caution.
Guidance
This skill is coherent with its stated purpose (automatic multi-modal model switching), but it implicitly expects the ability to affect 'all sessions' and sub-agents and references a user OpenClaw config/log directory that it did not declare as required. If you consider installing:
- Only run the provided scripts after manually inspecting them. They are plain-text PowerShell scripts that will write logs to $env:USERPROFILE\.openclaw and could be executed as a background monitor if you run them.
- Be cautious about giving this skill or any agent permission to change models for sub-agents or global sessions; ensure you understand and consent to that scope.
- If you need to test, run the scripts in a sandboxed environment or a test account first and back up your OpenClaw config (openclaw.json).
- Ask the author for explicit documentation about what data (config files) the skill reads/writes and for a signed/verified homepage or source.

Given the missing declaration of config access and the broad instruction to change sub-agent models, treat this skill as suspicious until you confirm the exact scope and permissions.

Review Dimensions

Purpose & Capability
note: The name/description (automatic multi-modal model switching) align with the SKILL.md and the included runtime scripts, which implement task detection and model mapping. However, the scripts reference a user config path ($env:USERPROFILE\.openclaw\openclaw.json) and operate on 'all sessions (main window + sub-agents)', which is broader than the declared registry metadata (which lists no required config paths or special permissions). The implicit expectation that the skill can inspect/affect global agent settings is not declared.
Instruction Scope
concern: SKILL.md instructs the agent to perform automatic switching for main window and sub-agents and includes code-like logic for 'all sessions'. The included scripts (PowerShell-formatted .txt files) perform monitoring, write logs to the user's .openclaw directory, and provide a runtime-switch utility that reads a ConfigPath defaulting to the user's OpenClaw config. The skill does not explicitly declare reading/writing those paths or limits on changing other agents' models. That scope (affecting sub-agents and system-wide switching) is broad and not transparently authorized.
Install Mechanism
ok: There is no install spec and no code files to be compiled or remote archives to download; the skill is instruction-only. This reduces supply-chain risk. Note: the package includes plaintext script files that, if executed by the user/agent, would create/append logs and could be run as a background monitor — but nothing is auto-installed by the registry metadata.
Credentials
note: The skill declares no required environment variables or credentials (good). Still, the scripts reference the user's HOME-like environment ($env:USERPROFILE) and an OpenClaw config path. Those accesses are plausible for a model-switcher but were not declared as required config paths in the metadata. There are no requests for API keys or secrets — which is appropriate — but the implicit file access should be disclosed.
Persistence & Privilege
note: The skill is not marked always:true and does not request autonomous installation. The SKILL.md describes running an 'auto monitor' background service and provides scripts to start/stop/status that would persist logs under the user's .openclaw directory if executed. Because there's no install spec, persistence only occurs if the agent/user runs those scripts; nevertheless, the skill's instructions encourage running a background monitor that affects model selection across sessions.