model-switch
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script that modifies core agent configuration files including openclaw.json and config.json using the jq utility.
- [CREDENTIALS_UNSAFE]: The script reads sensitive environment variables from /data/hiclaw-secrets.env to retrieve authentication tokens for AI Gateway verification.
- [DATA_EXFILTRATION]: Performs a network request via curl to the AI Gateway to ensure the model is reachable before applying configuration changes.
- [PROMPT_INJECTION]: The skill ingests untrusted user input for model IDs and context windows.
  - Ingestion points: Command line arguments in update-manager-model.sh.
  - Boundary markers: Absent.
  - Capability inventory: File modification and network access.
  - Sanitization: Model prefix stripping and the use of jq --arg for safe JSON updates.
Audit Metadata