ClawHub
Back to skill
v1.0.0

Configure Openclaw Anyrouter Model And Fix Baseurl

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:02 AM.

Analysis

This instruction-only skill matches its stated purpose, but it changes persistent OpenClaw/ClaudeCode model-routing settings and handles provider API keys, so users should review the exact config changes before use.

GuidanceBefore installing or using this skill, make sure you want an agent to edit OpenClaw and ClaudeCode model configuration. Back up the config files, prefer environment-variable API keys over plaintext, verify that `https://anyrouter.top` is the intended gateway, and require the agent to re-check current logs/configs rather than relying on the skill's prior-run examples.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
把默认模型切到 `anyrouter/claude-opus-4-6`,并同时确认 `agents.defaults` 与 `agents.list.main` 都已对齐

The skill instructs the agent to change persistent OpenClaw model-routing configuration. This is central to the skill's purpose, but it changes future agent behavior.

User impactFuture OpenClaw sessions may use a different model or provider than before.
RecommendationReview the config diff, keep a backup of the previous settings, and confirm the target provider/model before restarting OpenClaw.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.

There is no executable install surface, but the skill's provenance is limited for an artifact that guides local configuration and credential handling.

User impactUsers have less external context for deciding whether to trust the configuration guidance.
RecommendationInstall only if you trust the publisher or can independently verify the AnyRouter/OpenClaw configuration steps.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
环境变量版:`"apiKey": "${AnyRouterKey}"` ... 明文版:`"apiKey": "[REDACTED]"`

The skill handles a provider API key and notes that it may be referenced through an environment variable or written directly into config. This is expected for a model-provider integration, but it is credential-sensitive.

User impactA provider key stored in plaintext config could be exposed to anyone or any tool that can read that file.
RecommendationPrefer environment-variable references, limit file permissions on config files, and use a scoped/revocable provider key.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
对 `https://anyrouter.top/v1/messages` 发最小请求 ... `ANTHROPIC_BASE_URL = https://anyrouter.top`

The skill routes model validation and ClaudeCode configuration through an external AnyRouter gateway. This is disclosed and purpose-aligned, but prompts and authentication may flow to that provider.

User impactModel requests and related metadata may be sent to the configured external gateway.
RecommendationUse this only if you trust the configured AnyRouter endpoint and understand what data your model requests may contain.
Memory and Context Poisoning
SeverityLowConfidenceMediumStatusNote
SKILL.md
本次实际结论是:当前小肠 Agent:`anyrouter/claude-opus-4-6`

The skill includes prior-run conclusions inside reusable instructions. If over-trusted, those statements could be mistaken for the current user's actual state.

User impactThe agent could give stale or incorrect status unless it re-checks the current config and logs.
RecommendationTreat all '本次' observations as examples and require the agent to re-read current files/logs before making claims or changes.