Smart Model Switcher V2

Security checks across malware telemetry and agentic risk

Overview

This skill is a model-switching helper, but it can silently reroute prompts and attachments to different providers based on broad triggers and includes misleading monitor-service wording.

Install only if you intentionally want automatic session-level model/provider switching. Treat the bundled monitor script as a demo/status helper, not a real background service, and review whether silent switching, broad keyword triggers, and any sessionKey-based switching are acceptable for your privacy, cost, and data-handling expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding
The script presents itself as a background monitoring and automatic model-switching service, but it only writes log messages and prints status/help text. This is a security-relevant deception because operators may believe protective or routing behavior is active when it is not, leading to unsafe reliance, incorrect model handling, and reduced oversight in a system that claims automatic control.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The inline comments and console output repeatedly describe runtime monitoring, zero-latency switching, auto discovery, and fallback features that do not exist in the code. In a skill whose purpose is automatic model selection, misleading operational text increases the chance that users trust nonexistent automation, which can cause security, compliance, or reliability controls to be bypassed under false assumptions.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger logic uses very broad keywords such as 写 ("write"), 分析 ("analyze"), 思考 ("think"), and similar generic terms to drive automatic session-level model switching. Because these words occur in ordinary requests, routine prompts can silently select a different model than intended, and the switch persists for the session, which may change data handling, provider exposure, cost, or capability profile without clear user consent.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The description advertises automatic, zero-awareness switching with no manual operation, encouraging silent behavior across ordinary interactions. In a skill that can alter the active model/provider for a session, this increases the risk of unintended routing of user data and makes it harder for users to detect or control when a switch occurs.
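The two trigger findings above describe the same mechanism: a substring match on generic words flips the session's model with no confirmation and no record. The following added example (not code from the SkillSpector report or from the Smart Model Switcher skill) makes the problem concrete. It runs a handful of constructed everyday prompts through a broad keyword router of the kind the findings describe, counts how many of them silently change the session model, and contrasts it with a router that switches only on an explicit `/model <name>` command, only to an allow-listed model, and appends an audit record for every change. The trigger table, model names, and the `/model` command syntax are assumptions for illustration.

```python
"""Added example: broad keyword triggers vs. explicit, audited model switching.

Not code from the scanned skill or from the report; trigger words, model
names, the '/model' command, and the sample prompts are assumed/constructed.
"""
import re
from dataclasses import dataclass, field

# Hypothetical trigger table of the kind the finding describes: one generic
# word maps to a session-wide model switch.
BROAD_TRIGGERS = {
    "写": "writer-model",      # "write"
    "分析": "analyst-model",   # "analyze"
    "思考": "reasoner-model",  # "think"
    "write": "writer-model",
    "analyze": "analyst-model",
}
DEFAULT_MODEL = "default-model"
ALLOWED_MODELS = frozenset({DEFAULT_MODEL, "writer-model", "analyst-model", "reasoner-model"})
_CMD = re.compile(r"^/model\s+(\S+)\s*$")


@dataclass
class Session:
    model: str = DEFAULT_MODEL
    audit: list = field(default_factory=list)  # (previous, new, command) records


def broad_route(session: Session, prompt: str) -> str:
    """Substring match (case-insensitive): any occurrence of a trigger word
    switches the session model for this and every later prompt, with no
    confirmation and no record. This is the behaviour the findings flag."""
    text = prompt.lower()
    for word, model in BROAD_TRIGGERS.items():
        if word in text:
            session.model = model
            break
    return session.model


def strict_route(session: Session, prompt: str, allowed=ALLOWED_MODELS) -> str:
    """Switch only on an explicit '/model <name>' command that is the whole
    prompt, only to an allow-listed model, and log the change."""
    m = _CMD.match(prompt.strip())
    if m and m.group(1) in allowed:
        previous, session.model = session.model, m.group(1)
        session.audit.append((previous, session.model, prompt.strip()))
    return session.model


# Constructed sample prompts: ordinary requests that happen to contain triggers.
ROUTINE_PROMPTS = [
    "帮我写一封邮件",            # "help me write an email"            -> 写
    "what is 2+2",               # unrelated, but inherits the switch
    "请分析这个日志文件",        # "please analyze this log file"      -> 分析
    "Let me think about that",   # no trigger, still on the switched model
    "Write a haiku about logs",  # -> "write"
]


def route_all(prompts, router):
    """Run prompts through one router on a single session; return the model
    used for each prompt and the session for inspection."""
    session = Session()
    return [router(session, p) for p in prompts], session


def count_silent_switches(prompts, router) -> int:
    """Number of prompts at which the session model changed without the user
    having issued an explicit '/model' command."""
    models, _ = route_all(prompts, router)
    previous, n = DEFAULT_MODEL, 0
    for prompt, model in zip(prompts, models):
        if model != previous and not _CMD.match(prompt.strip()):
            n += 1
        previous = model
    return n


if __name__ == "__main__":
    for name, router in (("broad", broad_route), ("strict", strict_route)):
        models, session = route_all(ROUTINE_PROMPTS, router)
        print(name, "silent switches:", count_silent_switches(ROUTINE_PROMPTS, router))
        for p, m in zip(ROUTINE_PROMPTS, models):
            print(f"  {m:<15} <- {p}")
    s = Session()
    strict_route(s, "/model analyst-model")
    strict_route(s, "/model evil-model")  # not allow-listed: ignored
    print("audit:", s.audit)
```

Under the broad router the arithmetic question in the second prompt is answered by `writer-model` because the previous prompt contained 写; that is the "session-level" part of the finding, and nothing in the session records why. The strict router leaves every routine prompt on the default model, rejects a switch to a model that is not allow-listed, and leaves a record an operator can review.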

VirusTotal

0 of 64 VirusTotal vendors flagged this skill as malicious; all 64 reported it clean. A clean antivirus result does not address the findings above, which concern what the skill does by design rather than known malware signatures.