Model Switch
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: model-switch Version: 1.1.1 This skill bundle provides a utility for managing AI model configurations within the OpenClaw environment. The core logic in `model_switcher.py` automates the synchronization of model settings across `openclaw.json` and individual agent `auth-profiles.json` files. While the script interacts with sensitive information like API keys (via environment variables), it performs these actions locally to ensure the OpenClaw gateway functions correctly. There is no evidence of data exfiltration, remote code execution, or malicious prompt injection; the instructions in `skill.md` are strictly aligned with the stated purpose of model management and configuration diagnostics.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A provider API key could become available to every configured OpenClaw agent, increasing cost, account-access, and exposure risk if one agent is misconfigured or untrusted.
The skill explicitly copies provider API keys from environment/config into OpenClaw authentication profiles for all agents. That expands which agents can use the credential and is broader than a single model switch.
`add-key <provider>` ... `将环境变量值写入 models.providers.anthropic.apiKey` ... `更新所有 Agent 的 auth-profiles.json`
Before using add-key, confirm the API key scope and provider, back up auth-profiles.json, and prefer updating only the agents that actually need that provider.
A wrong model/provider choice could propagate to all agents and future sessions, causing failures, unexpected behavior, or higher provider costs.
The documented workflow can automatically perform persistent multi-step configuration changes, including a bulk mode affecting all agents, from a simple trigger phrase.
`switch ALL <model>` | `批量切换所有 Agent` ... `当你说"切到 xxx"时,会自动执行全部 5 步切换...无需手动操作`
Use single-agent switching by default, require confirmation before 'ALL' or credential-changing operations, and review diffs/backups of ~/.openclaw before and after running the skill.