Openclaw Model Switch
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears to do what it advertises, but using it will persistently edit OpenClaw model settings, save API keys in plaintext, and restart the gateway.
Install this only if you are comfortable letting it edit ~/.openclaw/openclaw.json, store model API keys there in plaintext, create local backups, and restart the OpenClaw gateway. Back up your configuration, restrict file permissions, and verify the active model after switching.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running a switch command changes which model OpenClaw uses and may briefly interrupt active sessions while the gateway restarts.
The switch workflow changes the default OpenClaw model and restarts the gateway. This is central to the skill and disclosed, but it is still a high-impact local action.
openclaw_config['agents']['defaults']['model']['primary'] = primary_model ... os.system('openclaw gateway restart > /dev/null 2>&1')Use the switch command only when you intend to change the active model, and keep or verify the generated backup before making repeated changes.
Anyone who can read the OpenClaw configuration file may be able to see model-provider API keys stored there.
The skill explicitly documents that provider API keys are stored in the local OpenClaw configuration file in plaintext. This is expected for model-provider setup, but the keys are sensitive.
**位置:** `~/.openclaw/openclaw.json` ... **格式:** 明文存储(未加密)
Only enter API keys you intend OpenClaw to use, restrict file permissions such as chmod 600, and avoid committing OpenClaw configuration or backups to version control.
English-only users may underestimate the local configuration and API-key handling performed by the skill.
The English security summary is less precise than the main SKILL.md and code because the skill can request API keys, write ~/.openclaw/openclaw.json, and restart the OpenClaw gateway. The fuller disclosure exists elsewhere, so this is a documentation clarity issue rather than hidden behavior.
**Scripts run locally** - No network calls (unless specified) ... **Read:** Configuration files in skill directory ... Don't provide sensitive information
Review the SKILL.md security section before installing, and update the English README to match the actual file, credential, and gateway-restart behavior.