← Back to Skills Marketplace

model_manager

Name: model_manager
Author: williamxxu

by WilliamXXu · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

106

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install modelmanager

Description

OpenClaw 模型管理工具。用于查看、设置和管理 OpenClaw 使用的大语言模型。当用户提到以下场景时使用：切换模型、查看可用模型、设置备用模型、管理模型降级。重要：此 skill 必须在获得用户明确指示后才能使用。

Usage Guidance

This skill aims to manage local OpenClaw models and is plausible, but there are several issues you should address before installing or using it unattended: 1) Platform mismatch — the script calls a macOS-specific path (/Applications/QClaw.app/...) despite no OS restriction; don't install if you aren't on that platform or if that path is absent. 2) Authorization mismatch — SKILL.md says modifications require explicit user permission but the script will perform changes when invoked; ensure the runtime enforces confirmations or only run on explicit user commands. 3) Command injection — model IDs are interpolated into shell commands with shell=True; if the skill receives untrusted input this could execute arbitrary shell commands. 4) Functional bug — the documented 'fallback list' command is not implemented consistently with argv parsing. Recommended actions: review and patch the script (avoid shell=True, sanitize inputs, fix the fallback-list handling, remove hardcoded macOS paths or add platform checks), restrict autonomous invocation until fixes are applied, and test in a safe environment. If you cannot inspect and/or fix the code, treat the skill as risky and do not grant it autonomous execution rights.

Capability Analysis

Type: OpenClaw Skill Name: modelmanager Version: 1.0.1 The skill contains a critical shell injection vulnerability in `scripts/model_manager.py`. The `run_cmd` function utilizes `subprocess.run(shell=True)` and directly interpolates user-provided arguments (like `model_id`) into shell commands without any sanitization. While the script's logic is consistent with its stated purpose of managing LLM configurations via a local helper script (`openclaw-mac.sh`), the implementation allows for arbitrary command execution if a malicious model ID is provided.

Capability Assessment

ℹ Purpose & Capability

Name and description align with functionality: listing/setting models and managing fallbacks. However, the implementation calls a hardcoded macOS app script (/Applications/QClaw.app/.../openclaw-mac.sh) while the SKILL.md instructs running a workspace-local script path (~/.qclaw/workspace/skills/...). The skill claims to save changes to ~/.qclaw/agents/main/agent/models.json and ~/.qclaw/openclaw.json which is consistent with a model manager, but the hardcoded macOS wrapper makes the skill platform-specific despite no OS restriction.

⚠ Instruction Scope

SKILL.md states queries are safe and modifications require explicit user authorization, but the provided Python script performs modifications whenever invoked and does not itself enforce or prompt for user confirmation. The script also contains a bug/inconsistency for the documented 'fallback list' command (the code expects argv[1]=='fallback list' which is inconsistent with typical argv parsing and the documentation). These mismatches mean the runtime behavior may not respect the described safeguards.

✓ Install Mechanism

No install spec or external downloads; the skill is instruction-only plus a local Python script, so there is no package-fetch or remote installer risk.

✓ Credentials

The skill requests no environment variables or external credentials, which is proportional to its stated local-management purpose. Note: the script uses subprocess.run with shell=True and directly interpolates model IDs into shell commands, creating a command-injection risk if untrusted input is passed.

⚠ Persistence & Privilege

always is false (good), but disable-model-invocation is false so the agent may invoke the skill autonomously. Combined with the script not enforcing the described 'explicit user authorization' for modification commands and the shell-injection vulnerability, autonomous invocation increases risk. The skill does write through OpenClaw's CLI to local config files (models.json and openclaw.json) which is expected but privileged.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install modelmanager
After installation, invoke the skill by name or use /modelmanager
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

Initial release of the model-manager skill for OpenClaw: - Adds a tool for viewing, setting, and managing large language models in OpenClaw. - Provides query commands (list, status, fallback list) that do not require user authorization. - Restricts modifying commands (set, fallback add/remove) to explicit user instructions. - Includes clear usage instructions and command examples. - Integrates with OpenClaw’s model management CLI for seamless operations.

Metadata

Slug modelmanager

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is model_manager?

OpenClaw 模型管理工具。用于查看、设置和管理 OpenClaw 使用的大语言模型。当用户提到以下场景时使用：切换模型、查看可用模型、设置备用模型、管理模型降级。重要：此 skill 必须在获得用户明确指示后才能使用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 106 downloads so far.

How do I install model_manager?

Run "/install modelmanager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is model_manager free?

Yes, model_manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does model_manager support?

model_manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created model_manager?

It is built and maintained by WilliamXXu (@williamxxu); the current version is v1.0.1.

More Skills