Smart Model Switcher

Security checks across malware telemetry and agentic risk

Overview

This skill has a real model-switching purpose, but it needs review because it can change model routing automatically and documents switching another session by session key.

Install only if you want automatic model/provider switching. Confirm your OpenClaw runtime restricts session_status to the active session, avoid workflows that target arbitrary sessionKey values, and use provider keys with spending and data limits because prompts, code, images, and attachments may be routed to different configured providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The skill explicitly instructs use of `session_status(sessionKey: "...")` to switch models for other sessions, which exceeds the scope of handling the current user interaction. This creates a cross-session integrity risk: if an agent can act on attacker-influenced instructions, it may alter model state for unrelated users or channels, causing unauthorized behavior changes, privacy issues, or disruption.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The auto-switch rules are broad enough to trigger on ordinary conversation content, causing model changes without clear user intent or strong task classification. This can be abused through prompt phrasing to force unnecessary capability escalation or route conversations to costlier or more permissive models, undermining predictable behavior.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The reasoning trigger relies on vague analytical language that appears in many normal requests, so routine questions may incorrectly switch to a reasoning model. An attacker or even accidental phrasing could repeatedly induce model changes, increasing cost and unpredictability and potentially enabling access to stronger model behaviors than necessary.

VirusTotal

64/64 vendors flagged this skill as clean.