ClawHub

Openrouter

v1.0.2

OpenRouter integration. Manage data, records, and automate workflows. Use when the user wants to interact with OpenRouter data.

0· 96·0 current·0 all-time
byMembrane Dev@membranedev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (OpenRouter integration) matches the runtime instructions: the SKILL.md tells the agent to use the Membrane CLI to discover/connect to OpenRouter and run actions or proxy requests. No unrelated services, env vars, or files are requested.
Instruction Scope
SKILL.md only instructs installing and using the Membrane CLI, running membrane login/connect/action/request commands, and using Membrane as an auth proxy. It does not instruct reading arbitrary files, harvesting environment variables, or sending data to unexpected endpoints beyond Membrane/OpenRouter.
Install Mechanism
The manifest contains no automated install spec; the SKILL.md recommends installing @membranehq/cli via npm -g. This is expected for a CLI-driven integration but has the usual caveats of installing third‑party global npm packages (privileged install, remote code from npm registry).
Credentials
The skill declares no required env vars or credentials and explicitly advises letting Membrane handle creds. That is proportionate to the stated purpose; there is no evidence it asks for unrelated secrets.
Persistence & Privilege
Skill is user-invocable, not always-enabled, and allows normal autonomous invocation. It does not request persistent system-wide configuration or modify other skills; this is the expected privilege model.
Assessment
This skill is coherent: it tells you to install and use the Membrane CLI to connect to OpenRouter and does not ask for extra secrets. Before installing, verify the Membrane CLI source (https://getmembrane.com and the GitHub repo) and confirm you trust that publisher. Be aware npm install -g writes global binaries and may require elevated permissions; review the package's homepage/repo and recent release history. Understand that using the skill will cause your data and API requests to flow through Membrane/OpenRouter (so review their privacy/security docs). In headless or shared environments, be cautious when copying auth codes/URLs. If you need stricter control, consider creating a least-privilege Membrane connection and review what actions/endpoints the connector is allowed to call.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c55k2ggwbebzrzbh2p3qcdn842es5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments