ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Model Advisor

v0.1.0

模型推荐 + OpenClaw 安全系数分析工具。当用户询问"用哪个模型"、"推荐模型"、"适合什么模型"、"安全系数"、"openclaw 安全"、"根据历史"时触发。功能:(1) 根据历史会话自动分析任务类型并推荐最优的 Claude 模型(auto 模式),(2) 根据用户描述的任务推荐最优模型(recom...

0· 240·1 current·1 all-time
by@mrkangzubin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description claim recommending models and computing an OpenClaw security score — the code reads ~/.openclaw/openclaw.json, models.json, and recent session files to produce recommendations and a security report. Those file reads are necessary for the stated features and therefore proportionate.
Instruction Scope
SKILL.md and advisor.js explicitly instruct and implement reading recent session messages (~5 sessions) and openclaw.json to analyze task types and compute security metrics. That is within the stated purpose, but it means the skill will access and analyze private user messages and local gateway configuration (which may contain sensitive fields). There are no instructions to send data to remote endpoints in the visible code.
Install Mechanism
No install spec is provided (instruction-only skill) and the included script is intended to be executed locally with node. No remote downloads or extract/install steps are present, so nothing extra will be written to disk beyond running the packaged script.
Credentials
The skill requests no environment variables, no credentials, and no config paths beyond those under the user's ~/.openclaw directory. The requested access (openclaw.json, models.json, sessions directory) is appropriate for its functionality.
Persistence & Privilege
always is false and the skill does not request permanent presence or modify other skills. It only reads local files and prints recommendations — no elevated platform privileges are requested.
Assessment
This skill appears to do what it says — it analyzes your OpenClaw config and recent session messages to score security and recommend models. However, it reads private files in ~/.openclaw (session messages and openclaw.json), which may contain sensitive data (conversation content, API keys or auth config). Before running or installing: (1) review the full scripts/advisor.js to confirm there are no network calls or unexpected behavior (the visible portion shows none, but the file was truncated in the listing), (2) consider running it in a restricted environment or with a copy of your OpenClaw data if you want to avoid exposing real conversations, and (3) if you do not trust the skill author, do not execute the script as your main user — inspect it line-by-line or sandbox it. If you need, ask for a full listing of advisor.js to verify there are no outbound network requests or telemetry.

Like a lobster shell, security has layers — review code before you run it.

latestvk97da3nj9cr10aqym79k4byq6x82n3f0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments