add-top-openrouter-models
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches model metadata and the full model catalog from OpenRouter's official API (openrouter.ai) to ensure configuration accuracy.
- [COMMAND_EXECUTION]: Executes a local Python synchronization script and restarts the OpenClaw gateway service to apply updated model configurations.
- [DATA_EXFILTRATION]: Accesses the OpenRouter API key from local configuration files or environment variables to perform authenticated lookups of the model catalog.
- [PROMPT_INJECTION]: The skill processes data extracted from the OpenRouter leaderboard webpage. This potential attack surface is mitigated by a verification logic in the sync script that validates every extracted model ID against the official OpenRouter API before allowing any configuration changes.
Audit Metadata