Skill v1.0.0
ClawScan security
AgentBox OpenRouter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 26, 2026, 2:53 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions generally match its goal (configure OpenRouter) but there are important inconsistencies and an elevated privilege flag (always: true) that raise concern before installing or providing secrets.
- Guidance: What to consider before installing:
  - The skill appears to do what it claims (configure OpenRouter), but it has always:true (always present) and the SKILL.md asks you to provide an API key — that combination increases risk.
  - Do not paste sensitive keys into chat unless you trust the skill/source. Prefer to run the provided jq commands locally yourself.
  - Make a backup before editing: cp ~/.openclaw/openclaw.json ~/.openclaw/openclaw.json.bak. After editing, check file contents and set restrictive permissions (chmod 600 ~/.openclaw/openclaw.json).
  - Verify you have the expected tools (jq, openclaw CLI) installed before running commands. The skill metadata does not list these dependencies — ask the author to declare them.
  - Consider creating a limited/specific OpenRouter key (or rotating it) rather than reusing a broadly scoped secret.
  - Because of always:true, only install if you trust the skill owner and need this integration; otherwise run these steps manually or use a non-persistent helper.
Review Dimensions
- Purpose & Capability (note): The name/description match the runtime instructions (guiding a user to create an OpenRouter API key and update AgentBox/OpenClaw config). However, the SKILL.md expects the presence of tools/commands (jq, openclaw CLI, standard shell utilities) that are not declared in the skill metadata as required — a mismatch between claimed requirements and actual instructions.
- Instruction Scope (concern): Instructions tell the agent/user to read and overwrite the user's config file (~/.openclaw/openclaw.json) and to place the OpenRouter API key into .env.OPENROUTER_API_KEY. This is within scope for configuring a provider, but the skill also instructs asking the user to paste a sensitive API key into the conversation and gives no guidance on secure handling (file permissions, secret rotation). The SKILL.md references binaries (jq, openclaw) that were not declared; that mismatch can lead to surprising behavior if those tools are absent or different on the host.
- Install Mechanism (ok): This is instruction-only with no install spec or code to download — lower disk/installation risk. No external archives or network installs are invoked by the skill itself.
- Credentials (note): The only secret used is the OpenRouter API key, which is appropriate for the stated purpose. But the skill does not declare any required environment variables or primary credential in its metadata even though it instructs storing a secret in the config file. The instructions will store the API key in cleartext in ~/.openclaw/openclaw.json unless the user takes precautions — this is expected for such a setup but should be made explicit.
- Persistence & Privilege (concern): The skill sets metadata openclaw.always = true. always:true forces the skill to be included in every agent run and increases its visibility/attack surface. Combined with the skill's behavior of soliciting and placing API keys into local config, this persistent inclusion elevates risk and should have an explicit justification (none is provided).
