← 返回 Skills 市场
Model Switchboard
作者
frank-bot07
· GitHub ↗
· v3.0.0
364
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install model-switchboard
功能描述
Safely configure OpenClaw AI models by validating roles, autoloading backups, blocking unsafe changes, and managing via CLI or Canvas UI.
安全使用建议
This skill appears coherent and appropriate for managing OpenClaw models: it only needs access to your OpenClaw config and any provider API keys you already use, and it implements validation, backups and a UI. However, the included security audit flagged two HIGH issues (XSS in the UI and a shell-injection vector in the import flow). The changelog states those issues were fixed, but some files in the submission were truncated so I could not fully verify every fix. Before installing or enabling this skill in production: 1) Inspect switchboard.sh (import_config) to ensure file paths are passed via environment variables (no unescaped shell interpolation). 2) Open ui/index.html and confirm user/model strings are rendered using textContent/createElement (no innerHTML with unescaped values or inline onclick string interpolation). 3) Run the tool in a non-production environment, exercise import/export and UI flows, and confirm backups and rollback work as advertised. 4) If you must trust it in production, run a local security test (attempt model names with special characters, simulate concurrent operations) and ensure backup directory permissions and lockfiles are present. If you want, I can (a) search the provided switchboard.sh and ui files for the exact patterns and report lines that still look risky, or (b) provide a short checklist of commands/tests to run to validate the fixes on your machine.
功能分析
Type: OpenClaw Skill
Name: model-switchboard
Version: 3.0.0
The Model Switchboard skill is classified as benign. While a self-audit (`AUDIT-OPUS.md`) revealed several high-severity vulnerabilities (XSS in `ui/index.html`, shell injection in `scripts/switchboard.sh`) and medium-severity issues, the `CHANGELOG.md` and a thorough code review confirm that all these findings have been addressed and fixed in the provided v3.0 files. The skill's core purpose is safe AI model configuration, employing robust safety measures such as fail-closed validation, atomic writes with automatic rollback, and comprehensive input sanitization, demonstrating a strong commitment to security in its design and implementation.
能力评估
Purpose & Capability
Name/description match the code and SKILL.md: the bundle contains a validation engine, CLI wrapper, redundancy generator, UI, model registry and setup script. Files access the OpenClaw config (~/.openclaw/openclaw.json) and provider auth artifacts — expected for a model-management tool. No unrelated cloud creds or unrelated binaries are requested.
Instruction Scope
SKILL.md confines runtime actions to model validation, backups, uses the OpenClaw CLI and the provided switchboard.sh/ui. It explicitly forbids direct editing of openclaw.json and prescribes dry-runs and confirmations. The SKILL.md does suggest editing model-registry.json to add new models (this changes the skill bundle's data), which is within the tool's domain but worth noting as it requires modifying shipped files.
Install Mechanism
No install spec / no external downloads. This is instruction-first with bundled scripts (Python + Bash + HTML). That lowers install-time risk compared to fetching remote archives. No evidence of remote code pulls or unusual installers in included files.
Credentials
The skill itself declares no required env vars; at runtime it conditionally reads provider API keys and OpenClaw auth files (ANTHROPIC_API_KEY, OPENAI_API_KEY, ~/.openclaw/auth/*) to detect available providers — this is proportional to model/provider discovery and redundancy features. It does read/write the user's OpenClaw config and creates backups under ~/.openclaw — expected for this purpose.
Persistence & Privilege
No 'always: true' privilege. The skill reads/writes user-level config (~/.openclaw/openclaw.json and backups) and runs a UI server locally; these are appropriate for a model-management tool. It does not request system-wide privileges or modify other skills' configs in the provided excerpts.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install model-switchboard - 安装完成后,直接呼叫该 Skill 的名称或使用
/model-switchboard触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.0.0
- Major upgrade: introduces robust safeguards for managing AI models in OpenClaw.
- All model assignments must use provided commands; direct JSON edits are strictly forbidden.
- Automatic validation, backup (30 rolling), and instant rollback for every config change.
- Prevents unsafe assignments (e.g., image models as LLMs) and enforces strict validation rules.
- Adds visual management dashboard (Canvas UI) and full CLI reference.
- Advanced redundancy, import/export, health diagnostics, and troubleshooting support included.
元数据
常见问题
Model Switchboard 是什么?
Safely configure OpenClaw AI models by validating roles, autoloading backups, blocking unsafe changes, and managing via CLI or Canvas UI. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 364 次。
如何安装 Model Switchboard?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install model-switchboard」即可一键安装,无需额外配置。
Model Switchboard 是免费的吗?
是的,Model Switchboard 完全免费(开源免费),可自由下载、安装和使用。
Model Switchboard 支持哪些平台?
Model Switchboard 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Model Switchboard?
由 frank-bot07(@frank-bot07)开发并维护,当前版本 v3.0.0。
推荐 Skills