Back to skill
Skillv1.0.0
ClawScan security
OpenClaw Model Switcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 17, 2026, 7:29 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and runtime instructions are internally consistent with its stated purpose (changing OpenClaw's default model, backing up config, restarting the gateway, and auto-rolling back) and do not request unrelated credentials or external installs.
- Guidance
- This skill appears to do what it says: it edits ~/.openclaw/openclaw.json (or the path you pass), backs up to ~/.openclaw/config_backups, restarts the local 'openclaw' gateway, and rolls back on failure. Before running: (1) inspect the bundled script you will invoke (prefer scripts/model_switch.py which supports --config and the OPENCLAW_CONFIG env var); (2) ensure the 'openclaw' CLI on your PATH is the expected trusted binary (restart/status commands are invoked); (3) run a dry-run first to confirm behavior; (4) verify backups are created in ~/.openclaw/config_backups and test restoring manually if needed. The only notable issue is the duplicate files: the top-level script hardcodes the config path while the script under scripts/ honors overrides — be aware which file your agent will execute.
Review Dimensions
- Purpose & Capability
- okName, description, SKILL.md, README, and the included scripts all focus on the same task: validate a model, backup ~/.openclaw/openclaw.json, update agents.defaults.model.primary, restart the OpenClaw gateway, health-check, and rollback on failure. No unrelated services, credentials, or binaries are requested.
- Instruction Scope
- noteRuntime instructions explicitly read the OpenClaw config, modify only agents.defaults.model.primary, and restart the gateway — all within the stated purpose. A minor inconsistency: README and scripts/supporting file (scripts/model_switch.py) honor OPENCLAW_CONFIG / --config, but the top-level model_switch.py hardcodes ~/.openclaw/openclaw.json (does not read OPENCLAW_CONFIG). This can cause surprising behavior if a user expects the env/config override to apply to both files. Otherwise the instructions do not instruct reading unrelated files or transmitting data externally.
- Install Mechanism
- okNo install spec; skill is instruction-only with bundled scripts. There are no downloads, third-party package installs, or archive extraction steps. The scripts run local filesystem operations and call the local 'openclaw' CLI — expected for this purpose.
- Credentials
- okThe skill does not require credentials or sensitive environment variables. README documents an optional OPENCLAW_CONFIG env var (reasonable). The only env-related inconsistency is that one included script honors OPENCLAW_CONFIG while the other ignores it; this is a usability issue but not a credential or exfiltration concern.
- Persistence & Privilege
- okSkill is not always-enabled, is user-invocable, and does not request elevated or persistent privileges beyond modifying the user's OpenClaw config and restarting the local gateway (which is necessary for the stated function). It does not modify other skills or system-wide agent settings.