Back to skill
Skillv1.0.0
ClawScan security
LLM Switcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 3, 2026, 12:11 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- Instructions match the stated purpose (changing the global default model) and are proportionate, but the skill assumes the OpenClaw CLI and appropriate permissions exist even though it does not declare them — verify those before use.
- Guidance
- This skill appears to do what it says: list configured models, test a session-only override, update the global default, and restart the gateway upon confirmation. Before installing, verify: 1) the OpenClaw CLI (openclaw) and the agent's session-status capability exist on the host (the SKILL.md assumes them even though metadata doesn't list them), 2) the agent/process running skills has appropriate admin rights to modify global config and restart the gateway (and that you are comfortable granting that), and 3) you have a backup or can roll back config changes. Also consider asking the publisher to update metadata to declare the required 'openclaw' binary and to add explicit authorization/logging/rollback guidance. If you lack admin rights or the CLI, do not enable this skill.
Review Dimensions
- Purpose & Capability
- concernThe skill's name/description align with its behavior (changing the global default model and restarting the gateway). However, SKILL.md relies on the 'openclaw' CLI and an in-agent 'session_status' capability even though the skill metadata declares no required binaries or config paths — an inconsistency that should be resolved (the CLI/agent runtime capabilities are required for this skill to work).
- Instruction Scope
- concernInstructions stay within the model-switching use case (list models, test via session override, set config, restart gateway). They do, however, require read/write access to global agent config and the ability to restart the gateway — privileged actions. The instructions do not include checks for user authorization, logging, or rollback/backups, which are relevant when changing global defaults.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. This has low installation risk because nothing is downloaded or written by an installer.
- Credentials
- okThe skill requests no environment variables or credentials, which is appropriate for its described purpose. It does rely on in-environment tools (openclaw) and agent capabilities that are not declared in metadata.
- Persistence & Privilege
- noteThe skill modifies global configuration and can restart the gateway (privileged operations). It does require explicit user confirmation before restart and is not always-enabled. Be aware that if the agent is allowed to invoke skills autonomously, an agent with sufficient permissions could prompt or act toward changing config — the SKILL.md's confirmation step mitigates but does not eliminate privilege risk if the agent runs without an interactive human to confirm.