OpenRouter Free Helper

This skill appears to do what it says (scrape OpenRouter pages, detect 'Going away' notices, discover new free models), but check these before installing: - Inspect the full check-models.py to see exactly how notifications are sent. Determine where Feishu credentials (webhook/token) are expected — the skill does not declare env vars for them and likely reads them from your existing OpenClaw configuration (openclaw.json) or expects you to configure them manually. Avoid placing secrets into files without encryption; prefer platform-managed secrets if available. - The script can auto-start Chrome in remote-debugging mode (port 9222). That opens a local debugging port — run this only on a trusted, single-user machine or restrict access (Chrome is started with an isolated profile in /tmp, but the debug port is network-accessible on localhost). If you don't need bb-browser, skip installing it to reduce attack surface. - Run the scripts manually in a sandbox (or inspect runtime behavior with verbose/dry-run flags) before enabling any cron/automation. Verify network destinations — the code should only access openrouter.ai (and local bb-browser adapters if used). - Review ~/.openclaw/openclaw.json to understand what the skill will read; if that file contains tokens for other services, confirm you’re comfortable the skill will access only the needed fields. - If you need higher assurance, request the author to document where notification credentials live (explicit env vars or secure config), or modify the code to require an explicit Feishu webhook env var rather than silently using a shared config file. Given these ambiguities about credential handling and the Chrome debug behavior, proceed only after verifying notification implementation and local config contents.