Rotate OpenRouter Key
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: rotate-openrouter-key Version: 1.0.0 The skill's stated purpose is benign, aiming to safely rotate OpenRouter API keys. The Python script `scripts/update-openrouter-key.py` is well-behaved, confining file operations to `~/.openclaw` and network calls to `openrouter.ai`. However, the `SKILL.md`, `README.md`, and `references/key-rotation-guide.md` files contain instructions for the AI agent that present critical prompt injection vulnerabilities. Specifically, shell commands involving user-provided input (e.g., `ssh <host> "..."`, `python3 scripts/update-openrouter-key.py --key "sk-or-v1-NEW-KEY"`, `python3 -c "...YOUR-NEW-KEY..."`, `curl ... YOUR-NEW-KEY`) are susceptible to arbitrary command execution if the AI agent does not rigorously sanitize or escape user input before constructing and executing these shell commands. This constitutes a significant remote code execution risk, classifying the skill as suspicious due to these vulnerabilities in its instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The new API key is used to authenticate to OpenRouter and may reveal account metadata such as label, limits, and remaining balance in local output.
The helper sends the provided OpenRouter API key to OpenRouter's auth endpoint to verify it. This is expected for the stated purpose, but it is still credential-bearing account access.
"https://openrouter.ai/api/v1/auth/key", headers={"Authorization": f"Bearer {key}", "Accept": "application/json"}Only provide the key when you intend to rotate it, verify that the endpoint is OpenRouter's real API, and avoid pasting real keys into shared logs or transcripts.
If the wrong key is supplied or too many files are updated, OpenRouter model access across the OpenClaw installation could fail until restored.
The workflow intentionally mutates multiple OpenClaw configuration files. This is purpose-aligned and scoped, but a wrong key or unintended target could affect all OpenRouter-backed agents.
Finds all config files (`.env` + JSON) containing an openrouter key ... Creates timestamped backups before each write ... Updates only the key value
Use `--find` or `--dry-run` first, review the listed paths, keep the generated backups until the new key is confirmed, and restart the gateway only after verifying the changes.
Install-time metadata may understate what the skill needs at runtime, so users relying only on metadata could miss that it handles an API key and runs a Python helper.
The registry metadata does not declare the Python/OpenClaw command usage or credential handling that the README and SKILL.md document. The behavior is disclosed in the artifacts, so this is an install-review note rather than a concern.
Required binaries (all must exist): none ... Primary credential: none
Review the included script and documentation before use, and ensure Python and the intended OpenClaw installation are available.