gpt5.5free
PassAudited by ClawScan on May 13, 2026.
Overview
This is a simple OpenRouter chat wrapper that uses an API key and sends prompts to the configured model provider; no hidden or destructive behavior was found.
Install only if you are comfortable providing an OpenRouter API key and sending prompts to OpenRouter or the configured API endpoint. Check that OPENROUTER_API_URL points where you expect, use a limited/free-tier key if possible, and remember this uses open-source/free models rather than official GPT-5.5.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The API key can authorize requests against the user's OpenRouter account and may consume quota or credits if misused.
The skill authenticates to an external model API using an environment API key. This is expected for the stated OpenRouter integration, but the key is sensitive and not declared in the registry requirements.
const API_KEY = process.env.OPENROUTER_API_KEY; ... 'Authorization': `Bearer ${API_KEY}`Use a dedicated/restricted OpenRouter key if possible, monitor usage, and rotate the key if it is exposed.
Anything typed into the skill may be sent to the configured model provider.
User prompts are sent to OpenRouter or to the optional custom API URL. This external provider data flow is central to the skill and is disclosed, but users should be aware of it.
const res = await fetch(API_URL, { method: 'POST', ... body: JSON.stringify({ model, messages: [{ role: 'user', content: prompt }] }) });Verify OPENROUTER_API_URL before use and avoid sending private or regulated data unless you trust the provider's privacy and retention practices.