扫描报告
20 /100
smart-model-switcher-pro
智能模型自动切换 Pro V6.0.0 - 多模态感知,自动识别图片/视频/音频/代码/文本任务
Legitimate model switching utility with undocumented file system access and missing allowed-tools declaration, but no malicious behavior detected.
可以安装
Add explicit allowed-tools declaration in SKILL.md frontmatter listing filesystem:READ (for config path check) and filesystem:WRITE (for log creation). Document the $env:USERPROFILE\.openclaw\ paths used by the scripts.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Missing allowed-tools declaration 文档欺骗 | SKILL.md:1 |
| 低危 | Undocumented file path access 文档欺骗 | scripts/runtime-switch.txt:7 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | runtime-switch.txt:7 - reads $env:USERPROFILE\.openclaw\openclaw.json |
| 文件系统 | NONE | WRITE | ✓ 一致 | auto-monitor.txt:16 - writes to $env:USERPROFILE\.openclaw\logs\ |
| 网络访问 | NONE | NONE | — | No network calls in any script |
| 命令执行 | NONE | NONE | — | No shell execution via subprocess/popen |
目录结构
3 文件 · 13.8 KB · 385 行 Text 2f · 268L
Markdown 1f · 117L
├─
▾
scripts
│ ├─
auto-monitor.txt
Text
│ └─
runtime-switch.txt
Text
└─
SKILL.md
Markdown
安全亮点
✓ No base64-encoded payloads or eval() calls
✓ No curl|bash or wget|sh remote script execution
✓ No credential harvesting (no os.environ iteration for secrets)
✓ No sensitive path access (~/.ssh, ~/.aws, .env files)
✓ No external network requests or C2 communication
✓ No obfuscation techniques detected
✓ No malicious dependencies - no package manager files present
✓ PowerShell scripts contain straightforward, readable logic for model selection