Skills
skills/liaosvcaf/openclaw-skill-add-top-openrouter-models/add-top-openrouter-models/Snyk

add-top-openrouter-models

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent (SKILL.md and README) to open and scrape the public OpenRouter app leaderboard at https://openrouter.ai/apps?... and to query the OpenRouter API (/api/v1/models) for verification, and those externally-sourced model IDs are directly used to decide which local config files to update and whether to restart the gateway, so untrusted third-party content can influence behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 2, 2026, 12:32 AM