Switch Modes

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can persistently change OpenClaw’s default model in response to short, ambiguous trigger words, which could affect other sessions and costs.

Install only if you are comfortable with a skill that can edit ~/.openclaw/openclaw.json and change the default model used by OpenClaw. Prefer explicit phrases like "eco mode" or "/modes status", check the active mode after switching, and be careful with SMART or MAX because a global model change can affect cost and behavior beyond the current chat.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Missing User Warnings

Medium
Confidence: 86%
Finding
The documentation does mention elsewhere that changes affect the global OpenClaw config, but it does not present this as a prominent warning at the point users are told the skill modifies `~/.openclaw/openclaw.json`. That can mislead users into making changes that unexpectedly impact other sessions or workflows, creating configuration integrity and operational safety issues.

Vague Triggers

Medium
Confidence: 95%
Finding
The skill treats highly generic standalone words like "eco", "balanced", "smart", and "max" as activation triggers. In normal conversation these terms are common and ambiguous, so the skill may activate unexpectedly and change the user's configured model without clear intent, causing unintended state changes and possible cost/performance consequences.

Vague Triggers

Medium
Confidence: 96%
Finding
The explicit instruction to treat ambiguous standalone input like "eco" or "smart" as a mode-switch command increases the chance of accidental invocation. Because this skill performs a persistent configuration change, ambiguous triggers are more dangerous here than in a read-only skill.

VirusTotal

64/64 vendors flagged this skill as clean.
