ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Switch

v1.0.0

Simple model router for OpenClaw. Switch between available models based on task type. No manual config needed — just use natural language.

0· 318·2 current·2 all-time
by@siliconyahaha
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, catalog.json and SKILL.md consistently describe a model router for OpenClaw; the instructions call the OpenClaw CLI (openclaw models set, openclaw gateway restart) which is exactly what a model-switcher would need.
Instruction Scope
Runtime instructions are limited to switching models and restarting the gateway via the OpenClaw CLI and to replying with a one-line confirmation. This stays within scope, but the gateway restart is an intrusive operation (it can disrupt other workloads) and the skill is allowed to invoke itself autonomously.
Install Mechanism
Instruction-only skill with no install spec, no downloaded code, and no required binaries or env vars — minimal install risk since nothing is written or fetched by the skill bundle itself.
Credentials
The skill requests no environment variables, credentials, or config paths. SKILL.md explicitly states it will not store or display API keys. Requested access appears proportional to purpose.
!
Persistence & Privilege
The skill is marked always: true (force-included on every agent run). Combined with commands that restart the OpenClaw gateway and switch models, this grants an always-present capability to change runtime behavior and potentially incur costs or cause service disruption. Always:true is unexpected for a simple router and merits review.
What to consider before installing
This skill appears to do what it says (switch OpenClaw models), but it is marked always: true which forces it into every agent run and allows autonomous execution of commands that restart the gateway and change models. Before installing: (1) prefer a version with always: false so it only runs when invoked by a user; (2) verify the skill's source/owner and request a homepage or repo to inspect; (3) test the openclaw CLI commands manually to confirm behavior and permissions; (4) consider the operational impact of frequent gateway restarts (downtime, other skills interrupted) and cost impact of switching to paid models (e.g., Gemini); (5) monitor logs and usage if you enable it, and restrict installation to a staging environment first. If you cannot remove always:true or audit the owner/source, treat this as higher risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk9787wwhx7qw6qyqebf0bx3be982gqjt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis

Comments