Scan Report
20/100
smart-model-switcher-pro
Smart Model Auto-Switcher Pro V6.0.0 - multimodal awareness, automatically identifies image/video/audio/code/text tasks
Legitimate model switching utility with undocumented file system access and missing allowed-tools declaration, but no malicious behavior detected.
Safe to install
Add explicit allowed-tools declaration in SKILL.md frontmatter listing filesystem:READ (for config path check) and filesystem:WRITE (for log creation). Document the $env:USERPROFILE\.openclaw\ paths used by the scripts.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Missing allowed-tools declaration (Doc Mismatch) | SKILL.md:1 |
| Low | Undocumented file path access (Doc Mismatch) | scripts/runtime-switch.txt:7 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | runtime-switch.txt:7 - reads $env:USERPROFILE\.openclaw\openclaw.json |
| Filesystem | NONE | WRITE | ✓ Aligned | auto-monitor.txt:16 - writes to $env:USERPROFILE\.openclaw\logs\ |
| Network | NONE | NONE | — | No network calls in any script |
| Shell | NONE | NONE | — | No shell execution via subprocess/popen |
File Tree
3 files · 13.8 KB · 385 lines (Text: 2 files, 268 lines; Markdown: 1 file, 117 lines)
├─ scripts
│  ├─ auto-monitor.txt (Text)
│  └─ runtime-switch.txt (Text)
└─ SKILL.md (Markdown)
Security Positives
✓ No base64-encoded payloads or eval() calls
✓ No curl|bash or wget|sh remote script execution
✓ No credential harvesting (no os.environ iteration for secrets)
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No external network requests or C2 communication
✓ No obfuscation techniques detected
✓ No malicious dependencies - no package manager files present
✓ PowerShell scripts contain straightforward, readable logic for model selection