OpenRouter Free Model Rotate

Security checks across malware telemetry and agentic risk

Overview

This skill matches its model-rotation purpose, but it can rewrite OpenClaw model settings and restart the gateway with weak safeguards.

Install only if you are comfortable with a tool that changes OpenClaw model configuration. Prefer OPENROUTER_API_KEY over --api-key, run --scan or --no-update first, back up ~/.openclaw/openclaw.json and ~/.openclaw/agents/main/agent/models.json, and avoid the cron plus `--restart` example unless you have monitoring and rollback in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill can signal and effectively restart local gateway processes after updating configuration, which exceeds a pure scanning/benchmarking role and changes local system state. In this context, the danger is increased because the script also auto-selects remote models and rewrites local config, so a single run can alter active infrastructure and disrupt service without an explicit confirmation step.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
Using `pgrep -f` to enumerate matching local processes broadens the skill's capabilities beyond model rotation and can affect unintended processes if names collide. The skill context makes this more dangerous because it turns a model-management utility into a local process-management tool, increasing blast radius if the matching pattern is overly broad or the environment is unexpected.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly states it will auto-update local configuration files and may restart a gateway, but it does not prominently warn users that it performs persistent system changes. In this context, silent modification of config plus service restart can cause downtime, misconfiguration, or operational surprises if invoked in an automated workflow.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The example commands pass the OpenRouter API key directly on the command line, which can expose credentials through shell history, process listings, logs, and monitoring tools. Because this skill is intended for repeated operational use, the examples normalize an unsafe practice that can lead to credential compromise.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The cron example embeds an API key directly in a persistent scheduled command and combines it with automatic restart behavior. This is especially dangerous because cron entries and redirected logs can expose secrets long-term, while unattended config changes and restarts can repeatedly impact service availability without human review.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The script overwrites `openclaw.json` and `models.json` with auto-generated model lists, modifying persistent local configuration without a preview, backup, or confirmation. In this skill context, that is significant because remote API responses directly influence which models become active, so bad selections or unexpected data can silently change future agent behavior.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
Gateway restart signaling is triggered from a command-line flag without an additional warning or confirmation immediately before the disruptive action. Given this skill's role in scanning remote models and mutating local config, automatically reloading a live gateway can cause service interruption or apply unintended changes at once.

VirusTotal

61/61 vendors flagged this skill as clean.
