model-fallback

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script scripts/model-error-wrapper.sh uses bash -c to execute the value of its --command argument. This represents a significant command injection risk if the input is provided by an AI agent or other untrusted source.
  • [CREDENTIALS_UNSAFE] (LOW): Documentation in README.md includes a template for a notification script that instructs users to hardcode sensitive Telegram API tokens directly into the source code.
  • [DATA_EXPOSURE] (LOW): The skill interacts with sensitive configuration files such as ~/.openclaw/agents/main/agent/agent.json, which potentially exposes API keys and usage statistics through logs.
  • [COMMAND_EXECUTION] (MEDIUM): The skill assumes the existence of and executes external scripts located in ~/.openclaw/scripts/ that are not bundled with the skill itself, leading to an unverified execution chain.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 08:47 AM