Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Model Registry Manager
v1.3.0Detect provider models, deduplicate them, remove unusable ones, register missing models into OpenClaw, and safely keep provider-native model ids/names during...
⭐ 0· 88·0 current·0 all-time
byQihong@zqh2333
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: scripts fetch /models from provider.baseUrl, deduplicate by provider id, probe models, update agents.defaults.models in ~/.openclaw/openclaw.json, and write reports. No unrelated credentials or tools are requested.
Instruction Scope
SKILL.md instructs the agent to inspect config, fetch remote models, validate before writing, schedule recurring jobs, and maintain a `.learnings/` archive automatically. The provided scripts implement the core fetch/deduplicate/probe/register/report behavior and write reports under the skill's reports path, but they do not implement the automatic `.learnings/` archival behavior described in SKILL.md (minor mismatch). The instructions also recommend scheduling jobs and allowing exec/read for those jobs; the sync script can run 'openclaw gateway restart' when --restart is passed, which is consistent with the recommendation but grants the skill permission to execute a restart command.
Install Mechanism
No install spec — instruction-only with two included Node scripts. Nothing is downloaded from external URLs or written during an install step.
Credentials
No required env vars are declared. The scripts read provider.apiKey entries from the OpenClaw config file (cfg.models.providers[].apiKey) to call provider endpoints; that is expected for this purpose and no unrelated secrets are requested.
Persistence & Privilege
always:false (good). The skill intentionally modifies the OpenClaw config file (~/.openclaw/openclaw.json) and can run 'openclaw gateway restart' when asked; these are within the skill's purpose but are privileged actions (configuration writes and a restart). Autonomous invocation is allowed by default (not flagged on its own).
Assessment
This skill appears to do what it says: read your OpenClaw config (~/.openclaw/openclaw.json), call provider /models and /chat/completions using provider.apiKey entries from that config, produce reports under reports/model-registry, update agents.defaults.models in the config, and optionally restart the gateway. Before installing or scheduling it:
- Back up ~/.openclaw/openclaw.json so you can revert config changes.
- Run a dry run first (use the --dry-run flag when running scripts) and run the validation script to confirm behavior before enabling recurring sync.
- Confirm that provider.apiKey values in your config are correct and intended to be used by this tool; the skill uses those keys to contact provider endpoints.
- Note SKILL.md asks the agent to auto-write a `.learnings/` archive; the bundled scripts do not implement that, but the instruction could be followed by an agent — decide whether you want automatic writebacks to home/workspace.
- Ensure the agent environment has a modern Node runtime (fetch is used) and that you are comfortable with the script calling 'openclaw gateway restart' when --restart is provided.
- Review and/or run the JavaScript files in a safe environment to confirm no local-policy conflicts before enabling scheduled runs.scripts/sync-models.js:186
Shell command execution detected (child_process).
scripts/sync-models.js:6
Environment variable access combined with network send.
scripts/validate-model-sync.js:5
Environment variable access combined with network send.
scripts/sync-models.js:20
File read combined with network send (possible exfiltration).
scripts/validate-model-sync.js:12
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97az57kxx50wed099m4p4rv1x84j4e2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.