Skill v1.0.0
ClawScan security
https://openrouter.ezsite.ai - Unified LLM API — one key for Claude, GPT, Gemini. 2x credits, auto-failover, OpenAI-compatible. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 2, 2026, 3:24 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: This is an instruction-only skill that documents how to use the third‑party EZRouter (openrouter.ezsite.ai) proxy for Claude/OpenAI/Gemini; the instructions, required inputs, and metadata are internally consistent — main risk is trusting a third party with your API key and usage.
- Guidance: This skill is basically documentation for using a third‑party LLM proxy (openrouter.ezsite.ai). It appears internally consistent, but before using it:
  1) Verify the service identity and reputation (look for an official homepage, company info, privacy policy, and HTTPS certificate).
  2) Never reuse high-privilege keys — create a dedicated API key/account for EZRouter and keep initial funding minimal so you can test usage/behavior.
  3) Understand that any prompts and responses routed through EZRouter are visible to that provider — avoid sending sensitive or regulated data.
  4) Confirm pricing/credits and check billing/usage logs regularly.
  5) If you rely on true provider-native policies or compliance, validate that the proxy actually supports the features you need.
  If you want, I can list specific checks to verify the service (domains, TLS, whois, online reputation) or draft a minimal test plan using a low-value account.
Review Dimensions
- Purpose & Capability (ok): The name/description promise (a unified proxy API for Claude, OpenAI, and Gemini) matches the SKILL.md examples and base URLs. The skill requests no unrelated binaries, env vars, or config paths; everything shown is appropriate for an integration guide to a third‑party LLM proxy.
- Instruction Scope (ok): SKILL.md only contains usage examples (curl, Python, TypeScript), environment variable examples, and model/list endpoints. It does not instruct the agent to read unrelated local files, secrets, or system config, nor to transmit data to unexpected endpoints beyond the stated proxy URLs.
- Install Mechanism (ok): There is no install spec and no code files — this is instruction-only content, so nothing is downloaded or written to disk by the skill itself.
- Credentials (note): The metadata requires no env vars, which is consistent for an instruction-only skill. SKILL.md shows the user will need to supply an EZROUTER API key (e.g., EZROUTER_API_KEY or ANTHROPIC_API_KEY) to use the service — this is expected, but handing a third party an API key is a meaningful privilege and should be treated carefully.
- Persistence & Privilege (ok): The skill is not marked always:true, requests no system persistence, and does not modify agent/system settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
