Openclaw Modelverse Plugin
ReviewAudited by ClawScan on May 12, 2026.
Overview
The plugin mostly matches its Modelverse provider purpose, but its setup code can persistently rewrite OpenClaw auth/model configuration and appears to drop the whole auth section, so it should be reviewed before use.
Install only if you intend to use Modelverse as an OpenClaw model provider. Before running onboarding, back up your OpenClaw config and verify after setup that other auth profiles and default model settings were not changed unexpectedly. Use a revocable Modelverse API key and avoid sending sensitive data unless Modelverse's policies meet your needs.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the onboarding/auth setup could affect existing OpenClaw authentication configuration and future default model routing, not just add a new provider.
The setup function deliberately builds the returned OpenClaw config without the entire auth property, then makes Modelverse the primary default model. If applied to a user's existing config, this could remove other auth profile references and route future sessions to Modelverse.
const { auth: _auth, ...cfgBase } = cfg as Record<string, unknown>; ... return applyAgentDefaultModelPrimary(updatedConfig, MODELVERSE_DEFAULT_MODEL_REF);Back up and inspect your OpenClaw config before running onboarding; the publisher should preserve existing auth settings and document any default-model changes clearly.
Anyone with access to those local OpenClaw config files may be able to use the Modelverse API key, which could expose account usage or charges.
The helper stores the Modelverse API key into local OpenClaw auth/profile and provider configuration. This is expected for a model provider, but users should treat it as sensitive credential storage.
[profileId]: { type: "api_key", provider: "modelverse", key: apiKey } ... apiKey,Use a scoped/revocable Modelverse key, avoid passing it on the command line, and remove or rotate the key if you uninstall the plugin or no longer trust the environment.
Your prompts, files/images supplied to models that support them, and related metadata may be sent to Modelverse/UCloud infrastructure.
The provider routes model traffic to the external Modelverse API endpoint. That is purpose-aligned, but it means prompts and attached model inputs may leave the local environment.
export const MODELVERSE_BASE_URL = "https://api.modelverse.cn/v1";
Only use the provider with data you are allowed to send to Modelverse, and review the provider's privacy, retention, and billing policies.
If another compatible agent honors this file while working from a source checkout, it could allow broader local actions than the plugin itself needs.
The source repository includes a local agent-permission settings file with broad developer-machine permissions unrelated to a Modelverse provider. There is no evidence OpenClaw uses it at runtime, but it is extra source-install surface.
"Read(//Users/mj/**)", "Bash(npm publish:*)", "Bash(scp:*)"
Prefer the packaged npm install or delete/ignore the .claude local settings file when installing from source; the publisher should remove local development permission files from the repository.