OpenClaw Session Reply Debug & Model Fallback

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw troubleshooting skill that can test model providers and change local model routing when apply mode is used.

Install or use this only if you want an agent to inspect OpenClaw session/config/log files and potentially change active model routing. Run dry-runs first, verify the configured provider baseUrl before API-key probes, review changed files and backups, and enable heartbeat/cron only if you want ongoing automatic fallback and recovery.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The document instructs operators to run a model-switch command with `--apply`, which performs configuration changes, but the surrounding guidance does not explicitly warn that this step mutates local OpenClaw configuration files and can alter active model routing. In an operational troubleshooting skill, this can lead to unintended persistent state changes, especially if a user believes they are only performing a read-only connectivity test.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal