ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Operrouter Connect

v1.0.0

Use this skill whenever the user wants to work with OpenRouter's free LLM models. Triggers include: any mention of "OpenRouter", "free models", "openrouter-c...

0· 105·0 current·0 all-time
by@sh01-rgb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to discover, rank, proxy and scaffold code for OpenRouter free models — the included scripts and templates implement exactly that. However the registry metadata declares no required environment variables while the SKILL.md and all scripts clearly expect an OPENROUTER_API_KEY; this metadata mismatch is an incoherence. Also SKILL.md uses a hard-coded absolute path (/home/claude/...) to invoke bundled scripts which is fragile and unexpected.
!
Instruction Scope
Runtime instructions tell the agent to read project .env, ~/.env and the shell environment and to run the included Python scripts which also merge os.environ. Reading and using OPENROUTER_API_KEY is expected for proxying, but the behaviour will also load the user's entire environment and .env files (potentially exposing other secrets). The SKILL.md explicitly instructs running scripts via an absolute path (/home/claude/...), which may run nothing on your system or accidentally call a different file if that path exists; this is an unexpected and suspicious detail.
Install Mechanism
There is no install spec (instruction-only behavior) and no remote downloads in the package. All code is bundled locally in the skill; nothing is fetched or executed from arbitrary URLs during install. This is the lower-risk install model.
!
Credentials
The scripts require OPENROUTER_API_KEY (used for proxied requests) which is proportionate to the proxying purpose — but the skill registry claimed no required env vars, creating an unexplained discrepancy. The scripts read ./ .env, ~/.env and os.environ: they will thus have visibility into all exported env vars and any values stored in those files. resolve_key.py prints a masked key fragment to stderr (exposes part of your key in logs/conversation). These behaviours are expected for making API calls but increase the risk of accidental exposure of unrelated secrets if run in an environment with many credentials.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills, and only writes a local cache file under /tmp/.openrouter_free_models_cache.json. No system-wide or cross-skill configuration modifications are present.
Scan Findings in Context
[network-openrouter-api] expected: Scripts make HTTP(S) calls to https://openrouter.ai/api/v1/models and /chat/completions — this is necessary for discovering models and proxying queries.
[reads-dotenv-and-env] expected: All scripts load project .env, ~/.env and os.environ to resolve OPENROUTER_API_KEY and optional preference variables. That is expected, but it means the scripts will see any other environment variables present.
[writes-tmp-cache] expected: Scripts cache discovered free-model lists to /tmp/.openrouter_free_models_cache.json. Caching is reasonable for network efficiency; note this writes to a shared /tmp path.
[masked-key-print] expected: resolve_key.py prints a masked version of the API key to stderr. This helps confirm the key exists but will leak a key prefix/suffix in logs or conversation if not careful.
[hardcoded-absolute-path] unexpected: SKILL.md examples call python3 /home/claude/openrouter-connect/scripts/resolve_key.py — this absolute path is not a reasonable assumption for most installs and is inconsistent with the included bundled scripts. It may indicate the author tested on a local machine and left a hard-coded path.
What to consider before installing
This skill mostly does what it says (find and proxy free OpenRouter models), but be aware of these issues before installing: - OPENROUTER_API_KEY is required at runtime (the registry metadata fails to declare it). Provide a dedicated, limited-scope key you trust and do not reuse high-value credentials. - The scripts load ./ .env, ~/.env and the process environment: if you run them in an environment with other secrets, those values will be visible to the process. Prefer running in a clean/sandboxed environment (or set only OPENROUTER_API_KEY) to avoid accidental exposure. - resolve_key.py prints a masked key fragment to stderr (some characters are shown). Expect that fragments may appear in logs or conversation history. - SKILL.md contains a hard-coded path (/home/claude/...) when invoking bundled scripts. Before running, update the commands to point to the skill's actual script locations or run them from the skill directory to avoid unexpected behavior. - The skill writes a cache file to /tmp; inspect that file if you have concerns about local storage. If you need higher assurance: ask the publisher to correct the registry metadata to declare OPENROUTER_API_KEY, remove hard-coded paths from SKILL.md, and explicitly document what env vars are read. Otherwise run the scripts manually in a controlled environment first to confirm behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97axkphh0zdx0c0tashpvg2kh8321sg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments