Rotate OpenRouter Key

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenRouter key-rotation helper, but it deserves review because it handles live API keys in ways that can expose or preserve secrets.

Install only if you intentionally want an agent to rotate an OpenRouter key for OpenClaw. Use dry-run or find mode first, review the paths, avoid pasting real keys into reusable shell commands or shared chats, redact any discovered keys before reporting them, limit SSH use to hosts you explicitly name, and delete or protect backups and shell history that may contain old keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to read config files, modify them, and contact an external API, but it declares no permissions. That creates a capability/consent mismatch: an operator may believe the skill is low-risk while it can access secrets, rewrite persistent configuration, and transmit a provided key over the network for verification.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented behavior does not fully match the effective behavior: the skill discovers secret locations, may reveal partial key material, performs external verification calls, and claims to restart the gateway even though it only prints an instruction. This mismatch is dangerous because users may approve the skill under false assumptions, leading to unintended secret disclosure, unapproved outbound transmission of credentials, or a false belief that remediation is complete when the service was not actually restarted.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide instructs users to place the full OpenRouter API key directly on the command line in a curl Authorization header. This can leak the credential via shell history, process listings, terminal scrollback, logging, or remote session capture, which is especially risky during credential rotation when both old and new secrets may be exposed.

Session Persistence

Medium
Category
Rogue Agent
Content
The script:
- Finds all config files (`.env` + JSON) containing an openrouter key
- Creates timestamped backups before each write
- Updates only the key value (minimal change)
- Verifies the new key against the OpenRouter API
- Reports what it changed
Confidence
82% confidence
Finding
write - Updates only the key value (minimal change) - Verifies the new key against the OpenRouter API - Reports what it changed Preview first with `--dry-run`: ```bash python3 scripts/update-openrout

VirusTotal

62/62 vendors flagged this skill as clean.
