Claude Code Switchboard
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: claude-code-switchboard Version: 1.2.0 The skill bundle 'claude-code-switchboard' (aliased as 'remote-control' in SKILL.md) instructs the AI agent to perform high-risk operations, including modifying system configuration files (~/.openclaw/openclaw.json) and restarting services. While these actions are aligned with the stated purpose of managing Telegram routing, they grant the agent significant control over the local environment. The bundle also contains inconsistencies, such as a future-dated timestamp in _meta.json and references to non-existent models like 'claude-haiku-4-5' and 'gpt-4.1-mini', which are unusual for a legitimate utility.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An unexpected or mistaken invocation could change which backend processes Telegram messages or disrupt the gateway during restart.
The skill directs the agent to edit a central OpenClaw configuration file and restart the gateway. That matches the stated routing purpose, but it is a high-impact operation and the artifact does not specify confirmation, diff review, backup, validation, or precise containment before applying the change.
Steps: 1. Read `~/.openclaw/openclaw.json` 2. Update `agents.defaults.model.primary` to the resolved model reference 3. Write the updated config 4. Restart the gateway service 5. Verify via gateway logs
Require explicit user approval before writes and restarts, show the exact config diff, back up `openclaw.json`, validate with `openclaw doctor`, and restrict changes to allowlisted routing fields.
Telegram-originated requests could be handled by a local agent with tool access if the gateway is configured to use CLI providers.
Switching from API providers to local Claude Code providers changes the privilege boundary from no-tool API calls to a local tool-enabled Claude Code backend for Telegram-routed messages.
- **CLI providers** (`claude-cli/opus`, `claude-cli/sonnet`): Use local Claude Code with full tool access - **API providers** (`anthropic/claude-haiku-4-5`, `openai/gpt-4.1-mini`): Direct API calls, faster but no tools
Only enable CLI providers for trusted Telegram users or chats, document who can trigger the gateway, and consider sandboxing or using API-only mode for untrusted channels.
A bad model reference or unsuitable fallback chain could affect many future Telegram messages, not just the current command.
The routing change is stored in shared default agent settings and fallback chains, so one configuration change can affect future message processing until it is reverted.
All settings live in `~/.openclaw/openclaw.json` under `agents.defaults`. - `model.primary` — The primary model/provider reference - `model.fallbacks` — Ordered fallback chain when primary is unavailable
Treat routing changes as persistent operational changes: validate them, monitor logs after restart, and keep a known-good backup for quick rollback.
The platform may not warn users that the skill depends on OpenClaw, Claude Code CLI, and local OpenClaw configuration access.
The README discloses runtime requirements, but the registry metadata declares no required binaries, config paths, or install spec. This is an under-declaration rather than evidence of hidden code.
## Requirements - [OpenClaw](https://openclaw.ai) with Telegram channel enabled - Claude Code CLI
Update metadata to declare the required CLI/runtime and the `~/.openclaw/openclaw.json` config path.
Running the logs command may reveal message contents, user identifiers, errors, or backend details in the agent session.
The logs command reads recent gateway logs, which may contain Telegram message details or operational context. This is purpose-aligned for troubleshooting, but users should treat logs as potentially sensitive.
/telegram-routing logs # Show recent message processing logs ... | Gateway issues | Check `~/.openclaw/logs/gateway.log` for details |
Redact sensitive log content before sharing it and avoid treating log text as trusted instructions.