API usage optimization

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears aligned with its purpose of configuring cheaper AI model routing, but it uses provider API keys and can persistently change OpenClaw's default model behavior.

This skill does not show malicious behavior in the provided artifacts. Before installing or running it, review the generated OpenClaw config, choose the intended mode carefully, keep the backup file, and make sure you are comfortable with the listed model providers receiving your future prompts.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If applied, the generated configuration can change which models future OpenClaw agents use by default.

Why it was flagged

The skill instructs the user to patch OpenClaw's configuration and restart the gateway, which is powerful but clearly tied to the stated routing/fallback purpose.

Skill content
cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.backup ... openclaw config.patch < ~/.openclaw/free-models.json ... openclaw gateway restart
Recommendation

Review the generated configuration first, keep the backup, and only apply the mode you intentionally selected.

What this means

Your OpenRouter, SiliconFlow, NVIDIA, DeepSeek, or Zhipu credentials may be used to query provider APIs when you run the scripts.

Why it was flagged

The script reads API keys from environment variables and sends them as Bearer tokens to provider APIs for model checks, which is expected for this integration.

Skill content
const apiKey = process.env[endpoint.apiKeyEnv]; ... 'Authorization': `Bearer ${apiKey}`
Recommendation

Use provider keys with the minimum needed scope, avoid committing keys to repositories, and run the scripts only in a trusted environment.

What this means

Future prompts may be handled by providers other than your current primary model provider, depending on the selected mode and failures.

Why it was flagged

The generated routing configuration can send future model requests to multiple third-party providers as fallbacks or task-specific routes.

Skill content
"routing": { "coding": ["${您的主模型}", "siliconflow/...", "nvidia/..."], ... }
Recommendation

Confirm that each listed provider is acceptable for the kinds of data you send through OpenClaw.