Model Switch
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill matches its model-switching purpose, but it can persistently change OpenClaw agent configuration and copy provider API keys into agent auth profiles, including across all agents.
Review this skill carefully before installing. It appears purpose-aligned, but you should back up ~/.openclaw/openclaw.json and agent auth-profiles, avoid 'switch ALL' unless intended, verify provider API key scopes, and inspect resulting config changes after use.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A provider API key could become available to every configured OpenClaw agent, increasing cost, account-access, and exposure risk if one agent is misconfigured or untrusted.
The skill explicitly copies provider API keys from environment/config into OpenClaw authentication profiles for all agents. That expands which agents can use the credential and is broader than a single model switch.
`add-key <provider>` ... `将环境变量值写入 models.providers.anthropic.apiKey` ... `更新所有 Agent 的 auth-profiles.json`
Before using add-key, confirm the API key scope and provider, back up auth-profiles.json, and prefer updating only the agents that actually need that provider.
A wrong model/provider choice could propagate to all agents and future sessions, causing failures, unexpected behavior, or higher provider costs.
The documented workflow can automatically perform persistent multi-step configuration changes, including a bulk mode affecting all agents, from a simple trigger phrase.
`switch ALL <model>` | `批量切换所有 Agent` ... `当你说"切到 xxx"时,会自动执行全部 5 步切换...无需手动操作`
Use single-agent switching by default, require confirmation before 'ALL' or credential-changing operations, and review diffs/backups of ~/.openclaw before and after running the skill.