Add Top OpenRouter Models

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: update local OpenClaw/OpenRouter model configuration, with backups, but users should expect local config edits and a gateway restart.

Install only if you want this skill to modify your OpenClaw model configuration. Before running it, review the generated changes, confirm that it will only use your OpenRouter key for OpenRouter API calls, keep the backups it creates, and restart the gateway only when a brief interruption is acceptable.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill performs sensitive actions—network access, environment/config reads, and local file writes—without any declared permissions or guardrails. In an agent ecosystem, this weakens reviewability and consent boundaries, making it easier for a seemingly routine sync skill to modify configuration or access secrets unexpectedly.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 84%
Finding:
The description says the skill syncs OpenRouter models, but the documented behavior also includes reading API keys/config, auto-discovering directories, writing multiple config files, creating backups, and restarting a gateway. Even if these actions support the stated goal, under-disclosing side effects is dangerous because users may invoke the skill without realizing it will access credentials and alter runtime configuration.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The README states that the agent will restart the gateway during normal use, but the description and usage guidance do not prominently warn users about this disruptive side effect before execution. Unexpected service restarts can interrupt active sessions, cause transient downtime, and make users approve an operation without understanding its operational impact.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrase "add missing models" is broad enough to match generic model-management requests that may not specifically intend to run this skill. In an agent environment, overly broad triggers can cause unintended skill invocation, leading to unreviewed configuration changes or external network actions in response to ambiguous user input.

VirusTotal

64/64 vendors flagged this skill as clean.
