ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenRouter Analytics

v1.0.0

Review OpenRouter usage, analytics, and troubleshooting data via API. Use when the user asks for spend/usage monitoring, activity trends, per-key management...

0· 667·0 current·0 all-time
byPedro Gonzalez@plgonzalezrx8
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The script and SKILL.md implement OpenRouter management and per-request debugging operations (activity, credits, keys, generation) that fit the skill name/description. However, the registry metadata declares no required environment variables or config paths while the runtime requires OPENROUTER_MANAGEMENT_KEY and OPENROUTER_API_KEY — an omission in the manifest that reduces transparency.
Instruction Scope
Runtime instructions ask the user to run the included Python script and describe expected flags. The SKILL.md and script both state the script will auto-load ~/.openclaw/.env and a current-directory .env before execution — this means the skill will read user dotfiles for credentials/config, which is reasonable for a CLI but should have been declared explicitly.
Install Mechanism
No install spec is provided (instruction-only with an included helper script). Nothing in the package attempts to download or install external code during install. This is the lowest-risk install model.
!
Credentials
The credentials the script uses (a management key for aggregate data and a regular API key for per-request lookups) are proportionate to the stated functionality. However, the registry declares no required environment variables or config paths while the script depends on OPENROUTER_MANAGEMENT_KEY and OPENROUTER_API_KEY and will read ~/.openclaw/.env and ./.env — the lack of these declarations is an incoherence and a transparency/privacy concern.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not modify other skills or system-wide settings. It runs as a user-invoked script and doesn’t appear to attempt privilege escalation.
What to consider before installing
Before installing or running: (1) Recognize that the script requires two OpenRouter keys (OPENROUTER_MANAGEMENT_KEY and OPENROUTER_API_KEY) even though the registry metadata lists none — confirm you are comfortable providing those. (2) The script auto-loads ~/.openclaw/.env and ./.env; inspect those files for other secrets before running or move keys to a dedicated env file. (3) Review the full script (included) for any network endpoints or unexpected behavior (the visible code calls https://openrouter.ai/api/v1). (4) Run the script in an isolated environment (or with test keys) if you’re unsure about the source, and ask the publisher to update the package metadata to declare required env vars and config paths for transparency. (5) If you want higher assurance, request or verify an official homepage or trusted publisher identity before trusting management-level keys.

Like a lobster shell, security has layers — review code before you run it.

latestvk97axx6smwx7cvvh0y55yyvwcn81ck0m
667downloads
0stars
1versions
Updated 3h ago
v1.0.0
MIT-0
Pedro Gonzalez@plgonzalezrx8
latest
Download

OpenRouter Analytics

Use this skill to pull management-level usage data and request-level troubleshooting details from OpenRouter.

Quick Start

Run from this skill folder:

cd ~/clawd/skills/openrouter-analytics

Management key operations (set OPENROUTER_MANAGEMENT_KEY):

python3 scripts/openrouter_analytics.py activity --limit 20
python3 scripts/openrouter_analytics.py activity --date 2026-02-18
python3 scripts/openrouter_analytics.py activity --from 2026-02-01 --to 2026-02-18 --summary --csv /tmp/activity.csv
python3 scripts/openrouter_analytics.py credits
python3 scripts/openrouter_analytics.py keys --limit 50 --summary
python3 scripts/openrouter_analytics.py report --from 2026-02-01 --to 2026-02-18 --format markdown

Request-level troubleshooting (set OPENROUTER_API_KEY):

python3 scripts/openrouter_analytics.py generation --id <generation_id>

Use --raw on any command to print full JSON.

Workflow

  1. Check macro activity
    • Run activity for daily spend/traffic patterns.
  2. Check account-level usage
    • Run credits to review consumed vs remaining credits.
  3. Find key-level consumers
    • Run keys to identify which keys are driving usage.
  4. Investigate incidents
    • Run generation --id ... for detailed logs on one request (latency, fallback providers, finish reason, token and cost details).

Notes

  • activity, credits, keys, and report require a Management API key.
  • generation uses a standard OpenRouter API key and requires the request id.
  • The script auto-loads ~/.openclaw/.env and current-directory .env before execution.
  • Use --retries and --timeout to tune robustness under transient API/network issues.
  • Keep generation IDs in your application logs to support reliable post-incident analysis.

Resources

  • Endpoint reference and field guide: references/endpoints.md
  • CLI helper script: scripts/openrouter_analytics.py

Comments

Loading comments...