Security Scan
OpenClaw
Suspicious
medium confidence
Skill appears to do what it advertises (automatically pick and switch models), but some runtime instructions and a detected prompt-injection pattern raise caution before installing broadly.
Assessment recommendations
This skill is coherent with its stated purpose (auto-detect task type and switch models). However: 1) The skill instructs agents to run detection before every response and to use session_status or a local gateway API — confirm your gateway's /api/session/model endpoint requires proper auth and that sessionKey values cannot be abused to switch other users' sessions. 2) The SKILL.md contains a detected 'unicode-control-chars' pattern (possible prompt-injection); review the file for hidden characte...
✓ Purpose and capabilities
Name/description align with the code and SKILL.md: the script and instructions only implement task detection and session-level model switching. The included script targets a local gateway API and the README explains provider API keys/config — these are proportionate to a model-switcher skill.
ℹ Instruction scope
SKILL.md instructs the agent to run a detection workflow before every response and to call session_status (or the local gateway endpoint) to change models. That is within the skill's purpose, but the doc explicitly shows how to switch other sessions by supplying a sessionKey; if the agent has access to session keys or broader session-management APIs this could be used to affect other chat channels. Also the SKILL.md contains a detected 'unicode-control-chars' pattern (prompt-injection signal) which may indicate manipulation attempts embedded in the instructions.
✓ Install mechanism
No install spec (instruction-only + small included script). No downloads or remote install URLs; risk from installation is low. The script is small and only uses Node builtin http modules to POST to localhost.
✓ Credential requirements
The skill declares no required env vars or credentials. README shows optional provider API keys stored in user OpenClaw config or env vars — expected for a model-switcher that must be able to query model availability. Nothing requests unrelated secrets.
ℹ Persistence and permissions
always:false (good). However the SKILL.md explicitly directs agents to run detection before every response (i.e., autonomous per-response behavior). Autonomous invocation is normal for skills, but combined with the ability to switch models for other sessions (via sessionKey) it increases blast radius if session management is not properly permissioned on the gateway.
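Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v4.0.0 2026/3/23
V4 multimodal-awareness upgrade: automatically detects images and switches to a vision model, automatically switches to glm-5 for coding tasks, and switches models independently per session so that sessions do not affect one another
● Harmless
Install command
Official: npx clawhub@latest install smart-model-switcher-v4
Mirror (accelerated): npx clawhub@latest install smart-model-switcher-v4 --registry https://cn.longxiaskill.com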