Openrouter Image Generation

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a straightforward OpenRouter image generation/editing skill, with expected notes around using an OpenRouter API key and sending prompts or input images to OpenRouter.

This skill appears safe for its stated purpose if you are comfortable using OpenRouter. Before using it, provide an OpenRouter API key deliberately, avoid sending confidential prompts or images unless acceptable, and save outputs to the recommended OpenClaw outbound directory with unique filenames.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the skill can consume OpenRouter account quota or credits tied to the provided API key.

Why it was flagged

The skill uses an OpenRouter provider credential, which is expected for the stated purpose. The registry metadata does not declare a primary credential or required env var, so users should notice this access requirement before use.

Skill content

The script checks for API key in this order:

1. `--api-key` argument
2. `OPENROUTER_API_KEY` environment variable

Recommendation

Use a dedicated OpenRouter key where possible, prefer the environment variable over pasting secrets into prompts, and revoke or rotate the key if it is exposed.

What this means

Private prompts or input images may be processed by OpenRouter and the selected model/provider.

Why it was flagged

For image edits, the script reads the selected local input image and includes it, along with the prompt, in a request to OpenRouter. This is purpose-aligned but means that content leaves the local environment.

Skill content

OPENROUTER_URL = "https://openrouter.ai/api/v1/chat/completions" ... data = path.read_bytes() ... {"type": "image_url", "image_url": {"url": data_url}}

Recommendation

Only use the skill with prompts and images you are comfortable sending to OpenRouter, and avoid confidential or sensitive images unless that provider use is acceptable.

What this means

A mistaken output path could replace an existing file or write outside the recommended OpenClaw media directory.

Why it was flagged

The script writes generated image bytes to a caller-supplied path and creates parent directories. This is normal for an image-generation tool, but it can overwrite an existing file if directed there.

Skill content

parser.add_argument("--filename", "-f", required=True, help="Output filename/path") ... output_path.parent.mkdir(parents=True, exist_ok=True) ... output_path.write_bytes(image_bytes)

Recommendation

Keep outputs under `~/.openclaw/media/outbound/` and use unique filenames as the SKILL.md recommends.

What this means

The skill may fail to run if `uv` is not installed, and users may not see that requirement from metadata alone.

Why it was flagged

The usage instructions depend on the `uv` runner, while the registry requirements list no required binaries. The script itself is included and uses standard-library imports, so this appears to be a metadata completeness issue rather than hidden installation behavior.

Skill content

uv run ~/.openclaw/workspace/skills/openrouter-image-generation/scripts/generate_image.py ... Preflight: `command -v uv`

Recommendation

Ensure `uv` is installed before use, or update the skill metadata to declare it as a required binary.