skills/liaosvcaf/openclaw-skill-add-top-openrouter-models/add-top-openrouter-models/Gen Agent Trust Hub
add-top-openrouter-models
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script (
scripts/sync-openrouter-models.py) to automate the verification and update process of the OpenClaw configuration. This execution is confined to the skill's logic and operates on the user's local configuration files. - [EXTERNAL_DOWNLOADS]: The script communicates with the OpenRouter API (
openrouter.ai) to fetch up-to-date model metadata, pricing, and context window information. This is a well-known service and the communication is essential for the skill's primary synchronization purpose. - [DATA_EXFILTRATION]: The skill accesses application-specific configuration files (
~/.openclaw/openclaw.jsonandmodels.json) to retrieve the OpenRouter API key. This key is used exclusively for authenticated requests to the official OpenRouter API to verify model IDs. There is no evidence of data being sent to unauthorized third-party domains. - [PROMPT_INJECTION]: The skill processes external data by scraping the OpenRouter leaderboard via a browser tool. To prevent indirect prompt injection or the use of malicious model IDs, the script validates every extracted ID against the official OpenRouter API catalog before it is added to the local configuration.
Audit Metadata