model-fallback
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/model-error-wrapper.sh` executes the string passed to the `--command` parameter using `bash -c` within a subshell. This allows for arbitrary command execution depending on the data passed to the wrapper.
- [COMMAND_EXECUTION]: The script `scripts/auto-switch-handler.sh` attempts to execute an external script at `~/.openclaw/scripts/model-fallback.sh`. This script is not included within the skill package, preventing verification of the code that is actually executed during a failover event.
- [COMMAND_EXECUTION]: The skill uses the `openclaw` CLI command across multiple scripts (`auto-switch-handler.sh`, `model-error-wrapper.sh`) to query system status and restart services.
- [CREDENTIALS_UNSAFE]: The documentation in `README.md` provides an example script for Telegram notifications that includes placeholders for a bot token and chat ID, guiding users to store sensitive credentials directly in shell script files.
Audit Metadata