Model Switch

Advisory

Audited by Static analysis on May 7, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A provider API key could become available to every configured OpenClaw agent, increasing cost, account-access, and exposure risk if one agent is misconfigured or untrusted.

Why it was flagged

The skill explicitly copies provider API keys from environment/config into OpenClaw authentication profiles for all agents. That expands which agents can use the credential and is broader than a single model switch.

Skill content

`add-key <provider>` ... `Write the environment variable value to models.providers.anthropic.apiKey` ... `Update auth-profiles.json for all Agents`

Recommendation

Before using add-key, confirm the API key scope and provider, back up auth-profiles.json, and prefer updating only the agents that actually need that provider.

Concern
High Confidence
ASI08: Cascading Failures
What this means

A wrong model/provider choice could propagate to all agents and future sessions, causing failures, unexpected behavior, or higher provider costs.

Why it was flagged

The documented workflow can automatically perform persistent multi-step configuration changes, including a bulk mode affecting all agents, from a simple trigger phrase.

Skill content

`switch ALL <model>` | `Batch switch all Agents` ... `When you say "切到 xxx" ("switch to xxx"), all 5 switching steps are executed automatically...no manual operation needed`

Recommendation

Use single-agent switching by default, require confirmation before 'ALL' or credential-changing operations, and review diffs/backups of ~/.openclaw before and after running the skill.