Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Model Switcher V3

v3.0.0

Universal Smart Model Switcher V3 - Multi-Provider, Multi-Model intelligent switching. Automatically selects the best model from ALL your purchased API plans...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The README/SKILL.md describe active runtime behavior (API key validation, plan detection, connection-pool preloading, zero-latency switching, background monitor scripts). However the published package contains no executable code or scripts to implement those features (no scripts/ directory in the manifest). The skill also does not declare required credentials/config in its registry metadata despite describing multi-provider API key management. These inconsistencies mean the package as published cannot provide the claimed capabilities and may be incomplete or intentionally misleading.
! Instruction Scope
The SKILL.md instructs the agent/operator to read and use ~/.openclaw/openclaw.json and/or environment variables like BAILIAN_API_KEY, MINIMAX_API_KEY, GLM_API_KEY, KIMI_API_KEY and to run scripts such as ./scripts/runtime-switch.ps1 and ./scripts/auto-monitor.ps1. Those files/scripts are not present in the bundle. The instructions therefore ask the agent to access local config and secrets (reasonable for a model-switcher) but do so without declaring or packaging the code that will perform network calls — creating an ambiguity about what will actually access those secrets. The SKILL.md also contains a pre-scan prompt-injection signal (unicode-control-chars) which could indicate crafted content attempting to influence evaluators or runtime behavior.
Install Mechanism
No install spec is provided (instruction-only), which minimizes direct install-time risk because nothing is written to disk by an installer. The README suggests installation via 'npx skills add' or manual git clone into OpenClaw directories; those are normal. However the README references scripts that are not included; if users follow the manual steps and then obtain scripts from elsewhere (untrusted locations) that introduces risk. Also the package's lack of code means users may download complementary components from other sources — a potential vector for supply-chain confusion.
! Credentials
The registry metadata lists no required environment variables or primary credential, but the documentation and SKILL.md clearly expect multiple provider API keys (BAILIAN_API_KEY, MINIMAX_API_KEY, GLM_API_KEY, KIMI_API_KEY) and a config file at ~/.openclaw/openclaw.json. Not declaring these in the skill metadata is a mismatch and a red flag: the skill will need access to sensitive API keys to function, yet that requirement wasn't declared for reviewers or users.
Persistence & Privilege
The skill is not always-enabled (always: false) and is user-invocable; there is no install spec that would embed persistent privileged code. Nothing in the manifest requests system-wide persistence or modifies other skills' configs. This dimension does not introduce additional privilege concerns by itself.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md triggered a unicode-control-chars prompt-injection pattern. That is not expected for a straightforward README/instruction file and may indicate crafted content to influence evaluators or parsers. It does not by itself prove malicious intent but increases suspicion given other inconsistencies.
What to consider before installing
Do not install or provide API keys yet. The skill claims automated key validation, plan detection, and background scripts but the published bundle contains only documentation (no scripts or code) while still instructing you to place API keys in ~/.openclaw/openclaw.json or as environment variables. Ask the author to (1) publish the missing scripts and source code so you can inspect them, (2) update the skill metadata to declare required environment variables, and (3) provide reproducible build/install steps and signed releases (or a checked GitHub tag). If you need to test behavior, run it in a sandboxed environment and never reuse real provider keys — create limited-scope/test keys or revoke keys after testing. If the author instructs you to download scripts from external URLs, treat that as higher risk and inspect those files before running them.

Like a lobster shell, security has layers — review code before you run it.

Tags: bailian, glm, kimi, latest, minimax, model-switching, multi-provider, optimization, qwen, runtime, zero-latency
