Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Infinity Router

v2.1.0

Routes AI requests across free OpenRouter models for OpenClaw and Claude Code. Auto-discovers, scores, and configures the best free model with a smart fallba...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is meant to route OpenRouter free models for OpenClaw/Claude Code and the code implements that: it fetches OpenRouter models, scores them, and reads/writes OpenClaw and Claude config files. However, the registry metadata lists no required env vars or config paths while SKILL.md and the code clearly require OPENROUTER_API_KEY and read/write ~/.openclaw/openclaw.json, ~/.openclaw/agents/main/agent/auth-profiles.json and ~/.claude/settings.json. The absence of these declared requirements from the registry metadata is an inconsistency.
Instruction Scope
Runtime instructions in SKILL.md align with the tool's purpose (install, set OPENROUTER_API_KEY, run pick/watch/daemon). The tool reads/writes user config files (~/.openclaw, ~/.claude), creates cache and state under ~/.infinity-router, and can POST rotation events to a user-supplied webhook. One inconsistency: SKILL.md/watch claims it 'Runs openclaw gateway restart automatically' on rotate, but the visible daemon.rotate implementation updates configs and fallbacks without calling any restart command — the automatic restart behavior may live in watcher.py or be only advisory. Also the CLI and docs mention filenames with slight naming inconsistencies (auth-profile.json vs auth-profiles.json) though code uses auth-profiles.json.
Install Mechanism
There is no registry install spec, but the project includes an install.sh that creates a local venv, pip-installs the package, and symlinks CLI binaries into /usr/local/bin. Symlinking to /usr/local/bin may require elevated permissions (install.sh does not use sudo), and will replace any existing names at that path. The installer also attempts to register a symlink under ~/.openclaw/workspace/skills. No network downloads from unknown hosts are present; dependencies are installed via pip.
Credentials
The tool legitimately requires OpenRouter API key(s) (OPENROUTER_API_KEY) and supports multiple keys for rotation. That credential is proportional to the stated purpose. The problem is the registry metadata omitted declaring this required env var. The code also reads the OpenClaw per-agent auth store and openclaw.json env block for keys — that is expected for integration but worth noting.
Persistence & Privilege
The skill does not request 'always: true' and uses normal user-level persistence (creates ~/.infinity-router, caches and rate-limit files, daemon-state.json). It can be run as a long-lived daemon (infinity-router-daemon / watch) which will autonomously rotate models. Autonomy combined with file writes is normal for this functionality but you should be aware a background process may change your OpenClaw/Claude model settings over time.
What to consider before installing
This package appears to implement exactly what it promises (auto-discovering and rotating free OpenRouter models), but there are a few things to check before installing:

- The registry metadata omits required env/config declarations. SKILL.md and the code require OPENROUTER_API_KEY (you must set this) and the tool will read/write ~/.openclaw/openclaw.json and may read ~/.openclaw/agents/main/agent/auth-profiles.json and ~/.claude/settings.json. Back up those files before running the tool.
- install.sh symlinks binaries into /usr/local/bin (may need sudo) and will replace any existing names there; inspect the script and decide whether to run it as your user or install via pipx/venv instead.
- The tool stores cache and state under ~/.infinity-router (model-cache.json, rate-limits.json, daemon-state.json). If you run the daemon/watch it will run continuously and may rotate your models automatically.
- The watcher can POST rotation events to a webhook you supply; do not provide a webhook you don't control — rotation events may include model IDs and other local state.
- There are minor code/document inconsistencies (some filename typos and an odd formatting helper for the free router), which look like bugs rather than malicious behavior.

If you require higher assurance, inspect watcher.py (not shown in full) to confirm whether it invokes external commands (e.g., openclaw gateway restart) or posts sensitive data to endpoints, and run the tool in a contained environment first.

If you proceed: back up OpenClaw/Claude config files, set the OPENROUTER_API_KEY(s) you control, and consider running the CLI manually (not the daemon) until you verify behavior.

Like a lobster shell, security has layers — review code before you run it.

Tags: free-ai, latest, llm-routing, model-fallback, openclaw, openrouter, rate-limit
