Smart Model Switcher V3

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it warrants review: it asks for multiple paid model-provider API keys and describes automatic external validation, fallback routing, monitoring, and periodic checks, without giving the user much control over any of it and without including the implementation it describes.

Install only if you accept that prompts, account checks, and model-availability requests may go to several third-party providers. Use restricted API keys with billing caps, inspect any referenced scripts, fetched from a trusted pinned source, before running them, and keep sensitive data out of the skill unless you can constrain routing to an approved set of providers. Note that the one high-severity item below, a 'Hidden Instructions' hit on the README's license and author footer, carries only 67% confidence and the quoted text contains no instructions; confirm it by reading the README yourself rather than relying on the scanner.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README promotes automatic API key validation and purchased-plan/model detection, which necessarily implies contacting third-party provider endpoints using user credentials. Failing to warn users that validation and availability checks transmit credentials and may reveal account metadata creates a real security/privacy risk because users may invoke these checks without understanding the external exposure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documented commands for -ValidateKeys and -CheckAvailability/-CheckModels instruct users to trigger network actions against external providers but omit any notice about outbound connections, credential use, rate limits, or exposure of environment/account metadata. In an agent skill context, users may run these commands expecting local checks, making the omission materially risky.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The task-classification table uses very broad everyday keywords such as '你好' (hello), '帮助' (help), '简单' (simple), and '快速' (fast), which match ordinary conversation and can activate model-switching behavior unintentionally. In a multi-provider skill, accidental activation increases the chance that prompts are routed to external services the user never explicitly chose, creating privacy, cost, and policy-enforcement risks.
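To show how broad keywords of this kind fire on ordinary conversation, here is an added example in Python (not the skill's own code): a naive substring trigger like the one the finding describes, next to an explicit-invocation trigger that activates only on a command prefix. The keyword set, the assumed `/switch-model` prefix and the sample messages are all constructed for the illustration.

```python
import re

# Constructed trigger set of the kind the finding describes: everyday words
# (Chinese and English) that a task-classification table might key on.
BROAD_TRIGGERS = {"你好", "帮助", "简单", "快速", "hello", "help", "quick"}

# Assumed explicit invocation: the skill acts only when the user types a
# command prefix at the start of the message.
EXPLICIT_PREFIX = re.compile(r"^\s*/switch-model\b")


def naive_should_switch(message: str) -> bool:
    """Substring match against everyday keywords: fires on ordinary chat."""
    return any(keyword in message for keyword in BROAD_TRIGGERS)


def explicit_should_switch(message: str) -> bool:
    """Activate only on an explicit command prefix; keywords alone never trigger."""
    return EXPLICIT_PREFIX.match(message) is not None


# Constructed sample conversation. Only the last message asks for a switch.
SAMPLE_MESSAGES = [
    "你好，今天天气怎么样？",                         # greeting and small talk
    "Can you help me write a quick note to my landlord?",
    "这个问题很简单，我自己能解决。",                  # "this is simple, I can do it myself"
    "/switch-model 帮助我分析这段代码",               # explicit request
]


def accidental_activations(messages, matcher) -> list:
    """Messages that `matcher` would hand to the switcher although the user
    gave no explicit command: the prompts that would leave for a provider
    the user never chose."""
    return [m for m in messages
            if matcher(m) and not explicit_should_switch(m)]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(f"naive={naive_should_switch(m)!s:5} explicit={explicit_should_switch(m)!s:5} {m}")
    print("accidental (naive):   ",
          len(accidental_activations(SAMPLE_MESSAGES, naive_should_switch)))
    print("accidental (explicit):",
          len(accidental_activations(SAMPLE_MESSAGES, explicit_should_switch)))
```

With the constructed messages, the keyword matcher routes three of four ordinary messages to the switcher; the prefix matcher routes only the one the user actually asked for.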

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding:
The description advertises automatic switching across many third-party providers but does not clearly warn users that their prompts may be transmitted to multiple external APIs. Because the skill performs provider selection, fallback, key validation, and package detection, users may unknowingly expose sensitive prompts or metadata to additional vendors beyond their expected default provider.
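The overview's advice to constrain routing to approved providers, and the outbound-connection warnings the findings above say are missing, reduce to one control: before any credential leaves the machine, enumerate which providers and endpoints the fallback chain would contact, refuse anything outside an allowlist, and show the user that plan. The following added example (not the skill's code) sketches that in Python; the provider names, endpoints, environment-variable names and key values are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Provider:
    name: str
    endpoint: str   # base URL the switcher would call
    env_var: str    # environment variable holding the API key


# Constructed provider table; none of these endpoints or variable names are real.
PROVIDERS = {
    p.name: p for p in (
        Provider("primary",    "https://api.primary.example/v1",    "PRIMARY_API_KEY"),
        Provider("fallback-a", "https://api.fallback-a.example/v1", "FALLBACK_A_API_KEY"),
        Provider("fallback-b", "https://api.fallback-b.example/v1", "FALLBACK_B_API_KEY"),
    )
}


def key_fingerprint(secret: str) -> str:
    """Short hash so a warning can say *which* key is used without printing it."""
    return hashlib.sha256(secret.encode()).hexdigest()[:8]


def plan_route(chain, approved, env):
    """Dry run of a fallback chain: report every endpoint that would be contacted
    and the credential it would carry, and block hops that are not on the
    approved-provider allowlist or have no key configured. Nothing is sent."""
    plan = {"contacts": [], "blocked": []}
    for name in chain:
        provider = PROVIDERS[name]
        if name not in approved:
            plan["blocked"].append((name, "not on approved-provider allowlist"))
            continue
        key = env.get(provider.env_var)
        if not key:
            plan["blocked"].append((name, f"no credential in {provider.env_var}"))
            continue
        plan["contacts"].append({
            "provider": name,
            "endpoint": provider.endpoint,
            "credential": f"{provider.env_var} (sha256 {key_fingerprint(key)})",
        })
    return plan


def outbound_warning(plan) -> str:
    """Human-readable notice to show before -ValidateKeys style network actions."""
    lines = ["This action will contact the following external endpoints:"]
    for hop in plan["contacts"]:
        lines.append(f"  {hop['provider']}: {hop['endpoint']} using {hop['credential']}")
    for name, reason in plan["blocked"]:
        lines.append(f"  {name}: BLOCKED ({reason})")
    if not plan["contacts"]:
        lines.append("  (no approved provider available; request will not be sent)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed environment: two keys configured, fallback-b intentionally absent.
    fake_env = {"PRIMARY_API_KEY": "sk-primary-placeholder",
                "FALLBACK_A_API_KEY": "sk-fallback-a-placeholder"}
    plan = plan_route(["primary", "fallback-a", "fallback-b"],
                      approved={"primary", "fallback-a"}, env=fake_env)
    print(outbound_warning(plan))
```

In practice `env` would be `os.environ`; the fingerprint lets a user compare two warnings, or match a warning against a provider dashboard, without the secret ever appearing in a log or terminal.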

Hidden Instructions

Severity: High
Category: Prompt Injection
Content:
MIT License - see the [LICENSE](LICENSE) file for details

## 👨‍💻 Author

**davidme6**
Confidence: 67%
Finding:

VirusTotal

66/66 vendors flagged this skill as clean.
