ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenRouter Free Model Rotate

v2.0.0

Scan OpenRouter for available free models (zero cost), benchmark them, score by capability, and auto-update OpenClaw config with the best ones. Use when: "ro...

0· 112·1 current·1 all-time
by@liligit1815

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for liligit1815/openrouter-free-rotate.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "OpenRouter Free Model Rotate" (liligit1815/openrouter-free-rotate) from ClawHub.
Skill page: https://clawhub.ai/liligit1815/openrouter-free-rotate
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openrouter-free-rotate

ClawHub CLI

Package manager switcher

npx clawhub@latest install openrouter-free-rotate
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md and the bundled script clearly require an OpenRouter API key and perform API calls to openrouter.ai. However the registry metadata lists no required environment variables or primary credential. That is an incoherence: the skill needs credentials to function but the package metadata does not declare them.
!
Instruction Scope
Instructions and the script perform network calls to OpenRouter, cache results under ~/.openclaw/state, and (per SKILL.md) can auto-update openclaw.json and models.json and optionally restart the gateway. Modifying agent configuration and restarting services is within the stated purpose but is a sensitive operation and the SKILL.md does not clearly constrain which paths will be written or provide safety checks. The script also recommends cron scheduling for autonomous periodic runs.
Install Mechanism
No install spec; the skill ships an instruction file and a local Python script. There is no remote download or archive extraction. That keeps install risk relatively low compared to pulling remote binaries.
!
Credentials
The script expects an API key (CLI flag default is $OPENROUTER_API_KEY) but the skill metadata declares no required env or primary credential. Requesting an OpenRouter API key is proportionate to the stated task, but metadata omission is misleading. No other unrelated credentials are requested in files provided.
!
Persistence & Privilege
The script writes cache to ~/.openclaw/state and (per SKILL.md) will update openclaw.json and models.json and optionally restart a gateway. Those are persistent and privileged actions affecting agent configuration and runtime. While plausible for a rotation tool, this behavior increases blast radius and should be enabled only after auditing the code and backing up configs. always:false (not force-installed) mitigates some risk.
What to consider before installing
Key points to consider before installing or running this skill: - Metadata mismatch: the script expects an OpenRouter API key (CLI flag or $OPENROUTER_API_KEY) but the skill metadata lists no required env — treat that as a red flag and supply credentials only after review. - Review the rest of the bundled code (the provided file is truncated in the listing): specifically locate and inspect functions that write to openclaw.json, models.json, cache files, and any gateway restart logic. Confirm they only modify intended files and use safe atomic writes/backups. - Run initial tests in read-only mode: use --scan or --no-update, --use-cache, and avoid --restart until you confirm outputs. Save JSON reports (--json) and inspect before applying changes. - Backup configs: back up your openclaw.json and models.json before letting the script auto-update them or before adding a cron job. - Limit credential scope: if OpenRouter supports scoped/limited keys, use a limited key for testing. Do not paste high-privilege keys into cron entries or world-readable scripts. - Permissions & sandboxing: consider running the script under a dedicated service account or container so its filesystem effects are constrained to ~/.openclaw or a designated directory. - Automation caution: the SKILL.md recommends cron every 6 hours and the script can restart a gateway — only enable automated runs after code review and confirming behavior. If you want, I can: (a) finish reviewing the remainder of the bundled script for the exact config-write and restart calls (the file listing was truncated), or (b) produce a checklist and safe example commands to run the script in audit mode.

Like a lobster shell, security has layers — review code before you run it.

auto-rotatevk9718pk8y97g2ydrpqads14mz9844ep3benchmarksvk9718pk8y97g2ydrpqads14mz9844ep3concurrentvk9718pk8y97g2ydrpqads14mz9844ep3free-modelsvk9718pk8y97g2ydrpqads14mz9844ep3latestvk9718pk8y97g2ydrpqads14mz9844ep3openroutervk9718pk8y97g2ydrpqads14mz9844ep3scoringvk9718pk8y97g2ydrpqads14mz9844ep3
112downloads
0stars
2versions
Updated 3w ago
v2.0.0
MIT-0
@liligit1815
auto-rotatebenchmarksconcurrentfree-modelslatestopenrouterscoring
Download

OpenRouter Free Model Rotate v2.0

Capabilities

  • Smart scoring — ranks models by context window, multimodal support, reasoning ability, output length, and latency
  • Concurrent testing — tests multiple models at once (configurable workers)
  • Quality benchmark — PONG instruction-following test
  • Capability filter — text-only / multimodal / image / reasoning / large context
  • Result caching — 1-hour cache to avoid redundant API calls
  • JSON report — export results for analysis
  • Auto config — updates openclaw.json + models.json + optional gateway restart

Quick Start

# Full flow: scan → bench → test → update → restart (recommended)
scripts/rotate_free_models.py --api-key "sk-or-xxx" --restart

# Quick rotate (no bench, just connectivity)
scripts/rotate_free_models.py --api-key "sk-or-xxx" --test 30 --keep 10 --restart

# Scan + show ranked by score (no changes)
scripts/rotate_free_models.py --api-key "sk-or-xxx" --scan --sort score

# Quality benchmark
scripts/rotate_free_models.py --api-key "sk-or-xxx" --bench --json report.json

# Filter: only multimodal models
scripts/rotate_free_models.py --api-key "sk-or-xxx" --filter multimodal --restart

# Use cached results (<1h old), skip retesting
scripts/rotate_free_models.py --api-key "sk-or-xxx" --use-cache --keep 10

# Save JSON report
scripts/rotate_free_models.py --api-key "sk-or-xxx" --json /tmp/report.json

Parameters

FlagDefaultDescription
--api-key$OPENROUTER_API_KEYOpenRouter API key
--test N0 (all)Max models to test
--keep N10Working models to keep in config
--workers N5Concurrent test workers
--timeout N15Per-model timeout (seconds)
--benchoffEnable quality benchmark
--filter TYPEallall/text/multimodal/image/reasoning/fast/large
--sort BYscorescore/latency/name
--use-cacheoffUse 1h cached results
--json FILEnoneSave JSON report
--restartoffRestart gateway after update
--no-updateoffDon't change configs
--scanoffScan only, no testing

Scoring Algorithm

Models are ranked by a weighted composite:

FactorWeightEffect
Context window+2 per 100K tokensMore context = higher score
Max output tokens+0.5 per 1KLonger output = higher
Image input+5Multimodal bonus
Audio input+5Multimodal bonus
Video input+3Advanced capability
Reasoning support+8Chain-of-thought bonus
Latency-0.3 per 100msFaster = higher score
Brand quality+2~5Qwen-Coder, Llama-70B, GPT, Gemini recognized

Scheduling

Run via cron every 6 hours for auto-rotation:

0 */6 * * *  python3 rotate_free_models.py --api-key "sk-or-xxx" --restart > /var/log/model-rotate.log 2>&1

Comments

Loading comments...