Skillv1.0.3

ClawScan security

Hudl AI Openclaw Model Switch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 2:21 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (editing OpenClaw config, verifying a hudl provider, and restarting OpenClaw) matches its stated purpose, but the package metadata and registry declarations omit real runtime requirements and there are a few unattended risks you should review before installing.
Guidance: This skill appears to implement what it claims (switching the active model via the Huddle01 GRU gateway), but there are a few things you should do before installing or using it: - Verify the source: the registry 'Source' is unknown and there is no homepage; prefer code from a known/trusted repository. Inspect the included scripts yourself. - Backup your OpenClaw config(s) (~/.openclaw/config.json and ~/.openclaw/openclaw.json) before running this skill — the scripts edit these files in-place. Use version control or a copy. - Ensure prerequisites are present: install jq and confirm the openclaw CLI is available (the metadata omitted these runtime requirements). Validate that validate.sh runs and exits 0 on your system before attempting a switch. - Confirm the hudl provider and apiKey in your config: validate.sh will refuse to run if the hudl provider or apiKey is missing; the script reads that apiKey from local files but does not send it anywhere during validation. - Test cautiously: run validate.sh manually, then consider running switch-model.sh against a disposable/test config or after backing up the real config; the scripts have no dry-run mode and will perform changes and require a restart. - Review restart impacts: openclaw restart will bring the agent down and back up; plan for potential disruption. If you want higher assurance, ask the skill author for a canonical repository/homepage, or request that the registry metadata be corrected to list required binaries (jq, openclaw) and any expected environment variables (OPENCLAW_CONFIG if used).

Review Dimensions

Purpose & Capability: noteThe skill's name, README, SKILL.md, and scripts consistently describe switching the agent's model via the Huddle01 GRU gateway; the scripts validate the provider, update the OpenClaw config, and restart the service — all coherent with the stated purpose. However, the registry metadata claims 'required binaries: none' and 'required env vars: none' even though the scripts require 'jq' and assume the 'openclaw' CLI is available for restart. This metadata omission is inconsistent with the skill's actual needs.
Instruction Scope: okSKILL.md explicitly instructs the agent to run the included validate.sh and switch-model.sh scripts, read and update OpenClaw config files (~/.openclaw/config.json or openclaw.json), and run 'openclaw restart'. Those actions are within the scope of model-switching. The instructions do not attempt to read unrelated system secrets or other skill configs. They do modify user configuration files and perform a service restart — expected but intrusive operations that should be noted.
Install Mechanism: okThis is instruction-only with included scripts (no download/extract install step). There is no network fetch during install in the spec. The lack of an install spec is lower risk, but the README includes optional clone/install instructions from GitHub/ClawHub; verify sources before using those commands.
Credentials: concernThe skill declares no required env vars or binaries, yet validate.sh and switch-model.sh require 'jq' and use OPENCLAW_CONFIG optionally; the SKILL/README also expect an accessible 'openclaw' command for restart. validate.sh also requires that the hudl provider have an apiKey present in the OpenClaw config (it reads sensitive config data from local files). While reading/writing the OpenClaw config is necessary for changing models, the registry metadata should have listed jq and the need to allow restarts. The skill does not itself request external credentials via env vars, but it will read the API key from your local OpenClaw config file — ensure that is acceptable.
Persistence & Privilege: noteThe skill does not request 'always: true' and is user-invocable only. It modifies the user's OpenClaw config files and issues a restart of the service — legitimate for this purpose, but potentially disruptive. It does not attempt to modify other skills' configs or request persistent system-wide privileges beyond editing OpenClaw config files and restarting OpenClaw.