← Back to Skills Marketplace
OpenRouter Analytics
by
Pedro Gonzalez
· GitHub ↗
· v1.0.0
741
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openrouter-analytics
Description
Review OpenRouter usage, analytics, and troubleshooting data via API. Use when the user asks for spend/usage monitoring, activity trends, per-key management...
Usage Guidance
Before installing or running: (1) Recognize that the script requires two OpenRouter keys (OPENROUTER_MANAGEMENT_KEY and OPENROUTER_API_KEY) even though the registry metadata lists none — confirm you are comfortable providing those. (2) The script auto-loads ~/.openclaw/.env and ./.env; inspect those files for other secrets before running or move keys to a dedicated env file. (3) Review the full script (included) for any network endpoints or unexpected behavior (the visible code calls https://openrouter.ai/api/v1). (4) Run the script in an isolated environment (or with test keys) if you’re unsure about the source, and ask the publisher to update the package metadata to declare required env vars and config paths for transparency. (5) If you want higher assurance, request or verify an official homepage or trusted publisher identity before trusting management-level keys.
Capability Analysis
Type: OpenClaw Skill
Name: openrouter-analytics
Version: 1.0.0
The skill is classified as suspicious due to a potential arbitrary file write vulnerability in `scripts/openrouter_analytics.py`. The `cmd_activity` function allows writing activity data to a CSV file specified by the `--csv` argument. While the script itself does not construct a malicious path, a compromised or malicious AI agent could be prompted to provide a sensitive file path (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) to this argument, leading to unauthorized file modification or data corruption. All network communication is confined to `https://openrouter.ai/api/v1`, and there are no other signs of malicious intent like data exfiltration to unauthorized endpoints, obfuscation, or direct shell command injection within the script's logic or `SKILL.md`.
Capability Assessment
Purpose & Capability
The script and SKILL.md implement OpenRouter management and per-request debugging operations (activity, credits, keys, generation) that fit the skill name/description. However, the registry metadata declares no required environment variables or config paths while the runtime requires OPENROUTER_MANAGEMENT_KEY and OPENROUTER_API_KEY — an omission in the manifest that reduces transparency.
Instruction Scope
Runtime instructions ask the user to run the included Python script and describe expected flags. The SKILL.md and script both state the script will auto-load ~/.openclaw/.env and a current-directory .env before execution — this means the skill will read user dotfiles for credentials/config, which is reasonable for a CLI but should have been declared explicitly.
Install Mechanism
No install spec is provided (instruction-only with an included helper script). Nothing in the package attempts to download or install external code during install. This is the lowest-risk install model.
Credentials
The credentials the script uses (a management key for aggregate data and a regular API key for per-request lookups) are proportionate to the stated functionality. However, the registry declares no required environment variables or config paths while the script depends on OPENROUTER_MANAGEMENT_KEY and OPENROUTER_API_KEY and will read ~/.openclaw/.env and ./.env — the lack of these declarations is an incoherence and a transparency/privacy concern.
Persistence & Privilege
The skill does not request permanent/always-on presence and does not modify other skills or system-wide settings. It runs as a user-invoked script and doesn’t appear to attempt privilege escalation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openrouter-analytics - After installation, invoke the skill by name or use
/openrouter-analytics - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: management analytics + request-level troubleshooting for OpenRouter
Metadata
Frequently Asked Questions
What is OpenRouter Analytics?
Review OpenRouter usage, analytics, and troubleshooting data via API. Use when the user asks for spend/usage monitoring, activity trends, per-key management... It is an AI Agent Skill for Claude Code / OpenClaw, with 741 downloads so far.
How do I install OpenRouter Analytics?
Run "/install openrouter-analytics" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenRouter Analytics free?
Yes, OpenRouter Analytics is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenRouter Analytics support?
OpenRouter Analytics is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenRouter Analytics?
It is built and maintained by Pedro Gonzalez (@plgonzalezrx8); the current version is v1.0.0.
More Skills