ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hudl AI Openclaw Model Switch

v1.0.3

Switch between LLM models on the Huddle01 GRU gateway. Use this skill whenever the user mentions switching models, changing models, upgrading, downgrading, "...

0· 232·0 current·0 all-time
byOm Gupta@omguptaind
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, README, SKILL.md, and scripts consistently describe switching the agent's model via the Huddle01 GRU gateway; the scripts validate the provider, update the OpenClaw config, and restart the service — all coherent with the stated purpose. However, the registry metadata claims 'required binaries: none' and 'required env vars: none' even though the scripts require 'jq' and assume the 'openclaw' CLI is available for restart. This metadata omission is inconsistent with the skill's actual needs.
Instruction Scope
SKILL.md explicitly instructs the agent to run the included validate.sh and switch-model.sh scripts, read and update OpenClaw config files (~/.openclaw/config.json or openclaw.json), and run 'openclaw restart'. Those actions are within the scope of model-switching. The instructions do not attempt to read unrelated system secrets or other skill configs. They do modify user configuration files and perform a service restart — expected but intrusive operations that should be noted.
Install Mechanism
This is instruction-only with included scripts (no download/extract install step). There is no network fetch during install in the spec. The lack of an install spec is lower risk, but the README includes optional clone/install instructions from GitHub/ClawHub; verify sources before using those commands.
!
Credentials
The skill declares no required env vars or binaries, yet validate.sh and switch-model.sh require 'jq' and use OPENCLAW_CONFIG optionally; the SKILL/README also expect an accessible 'openclaw' command for restart. validate.sh also requires that the hudl provider have an apiKey present in the OpenClaw config (it reads sensitive config data from local files). While reading/writing the OpenClaw config is necessary for changing models, the registry metadata should have listed jq and the need to allow restarts. The skill does not itself request external credentials via env vars, but it will read the API key from your local OpenClaw config file — ensure that is acceptable.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. It modifies the user's OpenClaw config files and issues a restart of the service — legitimate for this purpose, but potentially disruptive. It does not attempt to modify other skills' configs or request persistent system-wide privileges beyond editing OpenClaw config files and restarting OpenClaw.
What to consider before installing
This skill appears to implement what it claims (switching the active model via the Huddle01 GRU gateway), but there are a few things you should do before installing or using it: - Verify the source: the registry 'Source' is unknown and there is no homepage; prefer code from a known/trusted repository. Inspect the included scripts yourself. - Backup your OpenClaw config(s) (~/.openclaw/config.json and ~/.openclaw/openclaw.json) before running this skill — the scripts edit these files in-place. Use version control or a copy. - Ensure prerequisites are present: install jq and confirm the openclaw CLI is available (the metadata omitted these runtime requirements). Validate that validate.sh runs and exits 0 on your system before attempting a switch. - Confirm the hudl provider and apiKey in your config: validate.sh will refuse to run if the hudl provider or apiKey is missing; the script reads that apiKey from local files but does not send it anywhere during validation. - Test cautiously: run validate.sh manually, then consider running switch-model.sh against a disposable/test config or after backing up the real config; the scripts have no dry-run mode and will perform changes and require a restart. - Review restart impacts: openclaw restart will bring the agent down and back up; plan for potential disruption. If you want higher assurance, ask the skill author for a canonical repository/homepage, or request that the registry metadata be corrected to list required binaries (jq, openclaw) and any expected environment variables (OPENCLAW_CONFIG if used).

Like a lobster shell, security has layers — review code before you run it.

ai-inferencevk976v7k8249n7s30mhpm8wzyah82zbrkgruvk976v7k8249n7s30mhpm8wzyah82zbrkhuddle01vk976v7k8249n7s30mhpm8wzyah82zbrkhuddle01-cloudvk976v7k8249n7s30mhpm8wzyah82zbrklatestvk976v7k8249n7s30mhpm8wzyah82zbrkllmvk976v7k8249n7s30mhpm8wzyah82zbrkmodel-switchingvk976v7k8249n7s30mhpm8wzyah82zbrkopenclawvk976v7k8249n7s30mhpm8wzyah82zbrk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments