openrouter-connect 安全扫描报告 — 可信 | ClawSafe

5 /100

openrouter-connect

OpenRouter free LLM model discovery, selection, and proxy query skill

A straightforward OpenRouter free-model discovery and proxy skill with fully declared, necessary network and filesystem access. No malicious indicators, obfuscation, credential exfiltration, or hidden behavior found.

技能名称openrouter-connect

分析耗时36.7s

引擎pi

✓

可以安装

No action needed. The skill is safe to use.

资源类型	声明权限	推断权限	状态	证据
网络访问	`READ`	`READ`	✓ 一致	SKILL.md lines 53, 58; proxy_query.py line 35-36
文件系统	`READ`	`READ`	✓ 一致	SKILL.md Step 0; resolve_key.py reads .env files
命令执行	`NONE`	`NONE`	—	No subprocess/shell execution in any script
环境变量	`NONE`	`READ`	✓ 一致	Scripts read os.environ for OPENROUTER_API_KEY; minor: declared implicitly in St…

3 项发现

🔗

中危外部 URL 外部 URL

https://openrouter.ai/keys

SKILL.md:38

🔗

中危外部 URL 外部 URL

https://openrouter.ai/api/v1/models

SKILL.md:53

🔗

中危外部 URL 外部 URL

https://openrouter.ai/api/v1

references/python_template.md:43

目录结构

7 文件 · 41.3 KB · 1179 行

Markdown 4f · 754L Python 3f · 425L

├─ ▾ 📁 references

│ ├─ 📝 model_preferences.md Markdown 112L · 4.1 KB

│ ├─ 📝 python_template.md Markdown 276L · 9.7 KB

│ └─ 📝 typescript_template.md Markdown 236L · 8.3 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 discover_models.py Python 119L · 4.0 KB

│ ├─ 🐍 proxy_query.py Python 250L · 9.3 KB

│ └─ 🐍 resolve_key.py Python 56L · 1.4 KB

└─ 📝 SKILL.md Markdown 130L · 4.5 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`openai (python_template.md)`	`>=1.0`	pip	否	Optional; only used in generated scaffold code, not in skill scripts themselves
`python-dotenv (python_template.md)`	`*`	pip	否	Optional; only used in generated scaffold code, not in skill scripts themselves

安全亮点

✓ No subprocess or shell command execution — scripts use only urllib.request for HTTP

✓ No obfuscation — all code is plain, readable Python with no base64, eval, or dynamic execution

✓ API key is used solely for OpenRouter API authentication and not exfiltrated

✓ resolve_key.py prints a masked key prefix (8 chars + '...' + last 4) rather than exposing credentials

✓ Cache files written to /tmp/ only, no sensitive path access (~/.ssh, ~/.aws, .env contents not read)

✓ No hidden HTML comments, no hidden instructions, no embedded payloads

✓ All network requests go to a single, declared legitimate endpoint (openrouter.ai)

✓ HTTP-Referer header explicitly identifies the project as openrouter-connect on GitHub

✓ No supply-chain risks — no external dependencies imported at runtime; python_template.md uses openai>=1.0 which is a standard SDK