ClawHub

AgentBox OpenRouter

v1.0.0

Set up OpenRouter as your LLM provider. Guides through account creation, API key setup, config, and making it the default model. Use when a user wants to use...

0· 364·0 current·0 all-time
byMisha Kolesnik@tenequm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the runtime instructions (guiding a user to create an OpenRouter API key and update AgentBox/OpenClaw config). However the SKILL.md expects the presence of tools/commands (jq, openclaw CLI, standard shell utilities) that are not declared in the skill metadata as required — a mismatch between claimed requirements and actual instructions.
!
Instruction Scope
Instructions tell the agent/user to read and overwrite the user's config file (~/.openclaw/openclaw.json) and to place the OpenRouter API key into .env.OPENROUTER_API_KEY. This is within scope for configuring a provider, but the skill also instructs asking the user to paste a sensitive API key into the conversation and makes no guidance about secure handling (file permissions, secret rotation). The SKILL.md references binaries (jq, openclaw) that were not declared; that mismatch can lead to surprising behavior if those tools are absent or different on the host.
Install Mechanism
This is instruction-only with no install spec or code to download — lower disk/installation risk. No external archives or network installs are invoked by the skill itself.
Credentials
The only secret used is the OpenRouter API key, which is appropriate for the stated purpose. But the skill does not declare any required environment variables or primary credential in its metadata even though it instructs storing a secret in the config file. The instructions will store the API key in cleartext in ~/.openclaw/openclaw.json unless the user takes precautions — this is expected for such a setup but should be made explicit.
!
Persistence & Privilege
The skill sets metadata openclaw.always = true. always:true forces the skill to be included in every agent run and increases its visibility/attack surface. Combined with the skill's behavior of soliciting and placing API keys into local config, this persistent inclusion elevates risk and should have an explicit justification (none is provided).
What to consider before installing
What to consider before installing: - The skill appears to do what it claims (configure OpenRouter), but it has always:true (always present) and the SKILL.md asks you to provide an API key — that combination increases risk. - Do not paste sensitive keys into chat unless you trust the skill/source. Prefer to run the provided jq commands locally yourself. - Make a backup before editing: cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak. After editing, check file contents and set restrictive permissions (chmod 600 ~/.openclaw/openclaw.json). - Verify you have the expected tools (jq, openclaw CLI) installed before running commands. The skill metadata does not list these dependencies — ask the author to declare them. - Consider creating a limited/specific OpenRouter key (or rotating it) rather than reusing a broadly scoped secret. - Because of always:true, only install if you trust the skill owner and need this integration; otherwise run these steps manually or use a non-persistent helper.

Like a lobster shell, security has layers — review code before you run it.

latestvk977d6yg0r06varrxt3c7ryjw581wegy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

OpenRouter Setup for AgentBox

This skill guides users through configuring OpenRouter as their LLM provider on this AgentBox instance. OpenRouter gives access to models from Anthropic, OpenAI, Google, Meta, and others through a single API key.

When to use this skill

Invoke this when the user:

  • Wants to use a model through OpenRouter (e.g., "I want to use Claude Sonnet 4.5")
  • Asks about configuring a different LLM provider
  • Mentions OpenRouter
  • Wants access to models not available through the default blockrun provider

Setup flow

Step 1: Check for OpenRouter account

Ask the user if they have an OpenRouter account. If not, guide them:

To use OpenRouter, you'll need an account and API key:

  1. Go to https://openrouter.ai and sign up (Google/GitHub login works)
  2. Go to https://openrouter.ai/keys
  3. Click "Create Key"
  4. Copy the key (starts with sk-or-)

Let me know when you have your API key.

Step 2: Get the API key

Ask the user to provide their API key. It should start with sk-or-.

Step 3: Ask which model they want

If the user already specified a model, use that. Otherwise, recommend:

Recommended: Claude Sonnet 4.5 (openrouter/anthropic/claude-sonnet-4-5) - best balance of capability and cost for most tasks.

Other popular options:

  • openrouter/anthropic/claude-opus-4-6 - most capable, higher cost
  • openrouter/openai/gpt-4o - OpenAI's flagship
  • openrouter/google/gemini-2.5-pro - Google's best

Which model would you like as your default?

Step 4: Configure OpenClaw

Read the current config, modify it, and write it back:

# Read current config
cat ~/.openclaw/openclaw.json

Use jq to update the config. The two fields to set:

  1. env.OPENROUTER_API_KEY - the API key
  2. agents.defaults.model.primary - the default model
jq --arg key "sk-or-USER_KEY_HERE" \
   --arg model "openrouter/anthropic/claude-sonnet-4-5" \
   '.env.OPENROUTER_API_KEY = $key | .agents.defaults.model.primary = $model' \
   ~/.openclaw/openclaw.json > /tmp/openclaw-update.json \
   && mv /tmp/openclaw-update.json ~/.openclaw/openclaw.json

IMPORTANT: Always read the full config first, then modify. Never write a partial config file.

Step 5: Restart the gateway

openclaw gateway restart

Wait a few seconds, then verify:

openclaw status

Step 6: Confirm

Tell the user the setup is complete and their default model is now set to the chosen OpenRouter model. Suggest they send a test message to verify everything works.

Model reference format

OpenRouter models use the format openrouter/<provider>/<model>:

  • openrouter/anthropic/claude-sonnet-4-5
  • openrouter/anthropic/claude-opus-4-6
  • openrouter/anthropic/claude-haiku-3-5
  • openrouter/openai/gpt-4o
  • openrouter/openai/o1
  • openrouter/google/gemini-2.5-pro
  • openrouter/meta-llama/llama-3.3-70b-instruct

Full model list at https://openrouter.ai/models

Switching models later

To change the default model without re-entering the API key:

jq --arg model "openrouter/anthropic/claude-opus-4-6" \
   '.agents.defaults.model.primary = $model' \
   ~/.openclaw/openclaw.json > /tmp/openclaw-update.json \
   && mv /tmp/openclaw-update.json ~/.openclaw/openclaw.json
openclaw gateway restart

Troubleshooting

  • "Invalid API key": Verify the key starts with sk-or- and has credit on https://openrouter.ai/credits
  • Model not responding: Check if the model is available on https://openrouter.ai/models - some models have downtime
  • Config broken after edit: The issue is usually malformed JSON. Read the file with cat ~/.openclaw/openclaw.json | jq . to check syntax
  • Changes not taking effect: Must run openclaw gateway restart after any config change

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…