Operrouter Connect

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for using OpenRouter free models, but it reads an OpenRouter API key and sends prompts to OpenRouter, so users should avoid sensitive prompts and confirm any non-free model use.

This skill is reasonable for OpenRouter free-model workflows. Before installing, be aware that it uses an OPENROUTER_API_KEY even though the metadata does not declare one, sends your prompt text to OpenRouter, caches only model-list data in /tmp, and can call a non-free model if one is forced. Use a dedicated API key and confirm costs before using any explicitly named model.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can use the user's OpenRouter account credential to make API calls. This is expected for OpenRouter integration, but it is still account access.

Why it was flagged

The script reads an OpenRouter API key from local environment files or shell environment and uses it as a bearer token for OpenRouter API calls.

Skill content

env.update(load_env_file(Path.home() / ".env")) ... env.update(load_env_file(Path(".env"))) ... request.add_header("Authorization", f"Bearer {api_key}")

Recommendation

Use a dedicated OpenRouter key, keep it scoped/rotatable where possible, and note that the registry metadata does not declare the credential requirement.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Anything included in the prompt may be transmitted to OpenRouter and then routed to a selected model provider.

Why it was flagged

User prompts are sent to OpenRouter's chat completions endpoint as part of the proxy workflow.

Skill content

CHAT_ENDPOINT = f"{OPENROUTER_API_BASE}/chat/completions" ... {"role": "user", "content": prompt}

Recommendation

Do not send secrets, private documents, or sensitive personal data unless you are comfortable sharing them with OpenRouter/model providers.

ASI02: Tool Misuse and Exploitation
Low
What this means

Using a paid model ID could create OpenRouter usage costs despite the skill's free-model focus.

Why it was flagged

The forced-model option bypasses the free-model filtering path, so a non-free model could be called if explicitly supplied.

Skill content

--model MODEL    Force a specific model (skips preference resolution) ... if forced_model: return [forced_model]

Recommendation

Only force a model after checking whether it is free, and require explicit user confirmation before calling any model that may incur cost.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The helper scripts are included in the artifact set, but path/install assumptions may be unclear or brittle.

Why it was flagged

The skill references helper scripts through hardcoded absolute paths while the install specification says this is an instruction-only skill.

Skill content

python3 /home/claude/openrouter-connect/scripts/resolve_key.py

Recommendation

Before installing, confirm the skill's scripts are installed at the referenced path or update the commands to use the actual installed location.