Skill v1.0.0

ClawScan security

Openrouter Free · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 10, 2026, 6:16 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (listing and calling free OpenRouter models); it only needs an OpenRouter API key and contacts openrouter.ai — there are no hidden endpoints or broad unrelated credential requests.
Guidance
This skill appears to do exactly what it says: list free OpenRouter models and call them. Before installing: (1) only provide an OpenRouter API key; prefer setting OPENROUTER_API_KEY in the environment when running rather than putting many secrets into a shared .env file; (2) be aware the script will try to read /root/.openclaw/workspace/.env as a fallback to find the key — avoid storing unrelated secrets there; (3) ensure you trust openrouter.ai and that the API key you provide has appropriate scope/limits (use a dedicated key if possible). If you want extra caution, review or run the script locally to confirm behavior and ensure the Python 'requests' dependency is available from a trusted source.

Review Dimensions

Purpose & Capability
ok: Name/description promise (query and call free OpenRouter models) aligns with the implementation: the code lists models via /api/v1/models and posts chat requests to /api/v1/chat/completions. No unrelated services, binaries, or credentials are requested.
Instruction Scope
note: SKILL.md instructs the user to set OPENROUTER_API_KEY and run the provided Python script, which is consistent. The implementation has a minor scope surprise: as a fallback it attempts to read /root/.openclaw/workspace/.env to find OPENROUTER_API_KEY. That file read is limited (only scans for the key) but is not documented in SKILL.md.
Install Mechanism
ok: This is an instruction-only skill with an included Python file; there is no install spec, no external downloads, and nothing is written to disk by an installer. The script depends on the requests library (not declared), which is a normal runtime dependency for a Python tool.
Credentials
note: Only OPENROUTER_API_KEY is required, which is appropriate. A minor proportionality concern: the script will try to read a specific agent workspace .env file as a fallback to obtain the same key. That is a convenience behavior but could accidentally pick up credentials stored in a shared workspace if users put other secrets there.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills or system configs, and only runs when invoked. It does not persist new agent-wide settings.