Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Model Switcher

v4.0.0

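Smart automatic model switching V4 - multimodal-aware: automatically identifies image/code/text tasks and switches to the best-suited model. Supports image understanding (qwen3-vl-plus), code (glm-5/qwen-coder), long text, reasoning, and other scenarios. Zero-awareness switching, no manual operation required.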

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code and SKILL.md: the script and instructions only implement task detection and session-level model switching. The included script targets a local gateway API and the README explains provider API keys/config — these are proportionate to a model-switcher skill.
Instruction Scope
SKILL.md instructs the agent to run a detection workflow before every response and to call session_status (or the local gateway endpoint) to change models. That is within the skill's purpose, but the doc explicitly shows how to switch other sessions by supplying a sessionKey; if the agent has access to session keys or broader session-management APIs this could be used to affect other chat channels. Also the SKILL.md contains a detected 'unicode-control-chars' pattern (prompt-injection signal) which may indicate manipulation attempts embedded in the instructions.
Install Mechanism
No install spec (instruction-only + small included script). No downloads or remote install URLs; risk from installation is low. The script is small and only uses Node builtin http modules to POST to localhost.
Credentials
The skill declares no required env vars or credentials. README shows optional provider API keys stored in user OpenClaw config or env vars — expected for a model-switcher that must be able to query model availability. Nothing requests unrelated secrets.
Persistence & Privilege
always:false (good). However the SKILL.md explicitly directs agents to run detection before every response (i.e., autonomous per-response behavior). Autonomous invocation is normal for skills, but combined with the ability to switch models for other sessions (via sessionKey) it increases blast radius if session management is not properly permissioned on the gateway.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode injection patterns were found in SKILL.md. This looks like prompt-injection style content embedded in the skill text; it's not necessary for a model-switcher and could be an attempt to influence model behavior or evade static review. Review the SKILL.md content closely and strip/control any non-visible characters before trusting automatic execution.
What to consider before installing
This skill is coherent with its stated purpose (auto-detect task type and switch models). However:
1) The skill instructs agents to run detection before every response and to use session_status or a local gateway API. Confirm that your gateway's /api/session/model endpoint requires proper auth and that sessionKey values cannot be abused to switch other users' sessions.
2) The SKILL.md contains a detected 'unicode-control-chars' pattern (possible prompt-injection); review the file for hidden characters or injected directives.
3) Test in a sandbox first: verify that switching behavior only affects intended sessions, that the local endpoint doesn't accept unauthenticated requests, and that provider API keys remain under your control.
4) If you do not trust the author or cannot verify gateway protections, do not install in a production environment.
If you want higher assurance, ask the author to remove hidden/control characters and to document authentication/authorization requirements for the gateway API and sessionKey usage.

Like a lobster shell, security has layers — review code before you run it.

latestvk976mec9h48j1rmtyskqdr164s83dktv
