Model Switcher

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only model switching skill with disclosed behavior and no code, persistence, credential access, or data collection.

Install this only if you want the agent to change models during conversations. Review the listed model aliases in your OpenClaw setup, especially before sharing sensitive data, and expect the switching rules to work best for the documented Chinese keywords.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 89% confidence

Finding
The trigger description is broad enough that normal requests like analysis, design, optimization, or explicit switching mentions can cause automatic model changes without clear boundaries or user consent. In a skill that controls model selection, ambiguous triggering can lead to unintended routing of prompts to a more capable or different-cost model, reducing predictability and potentially affecting privacy, cost, and policy handling.

Natural-Language Policy Violations

Medium, 78% confidence

Finding
The skill hard-codes Chinese trigger keywords as the basis for complex-task detection, which creates inconsistent behavior across languages and makes switching logic unreliable or easy to bypass. While not directly a code-execution issue, this can cause incorrect model routing, confusing user experience, and policy gaps if complexity detection only works for one locale.

VirusTotal

66/66 vendors flagged this skill as clean.
