← Back to Skills Marketplace
123
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install toolrouter-gateway
Description
Unified access to 150+ tools via ToolRouter API. Dynamically exposes research, security scanning, video production, web extraction, and more as native OpenCl...
Usage Guidance
This skill is suspicious because the docs promise a production-grade proxy and automatic provisioning but the packaged code is a local demo stub and the manifest omits the API key requirement. Before installing or giving it any keys: (1) Do not set TOOLROUTER_API_KEY globally until you verify the source. (2) Ask the publisher for a public homepage or repository and a clear changelog showing real network/MCP implementation. (3) Confirm why the registry metadata does not declare the required TOOLROUTER_API_KEY. (4) If you test it, run it in an isolated workspace/container because it will create memory/ files that store inputs and usage logs. (5) Review or run the code yourself to verify whether it actually calls https://api.toolrouter.com and whether it would ever transmit cached inputs. If the developer provides a real network implementation, a declared env var in the manifest, and provenance (repo/homepage/license), this assessment could be revisited.
Capability Analysis
Type: OpenClaw Skill
Name: toolrouter-gateway
Version: 1.0.0
The toolrouter-gateway skill is a legitimate-appearing proxy for an external tool aggregation service. The code in scripts/run.py implements basic discovery, status reporting, and a simulated proxy with local caching and usage logging in the memory/ directory. No evidence of data exfiltration, malicious execution, or prompt injection was found; the implementation is consistent with the stated purpose of providing a unified interface to the ToolRouter API (api.toolrouter.com).
Capability Assessment
Purpose & Capability
SKILL.md claims a gateway/proxy to ToolRouter (150+ dynamic tools, MCP server, automatic provisioning) and requires a TOOLROUTER_API_KEY, but the registry metadata declares no required env/credential. The included code is a demo stub that returns a 3-item mock catalog and does not actually perform network calls to api.toolrouter.com. This is inconsistent: the skill advertises production proxy behavior but the code does not implement it, and the manifest omits the API key requirement.
Instruction Scope
The runtime instructions ask for an API key, describe dynamic creation of many native tools, MCP server usage, and calling api.toolrouter.com; the actual run.py only implements local discovery/status/proxy stubs for a few tools and never performs HTTP/MCP network calls. The script writes cache and usage lines to memory/<files> and stores input objects in the cache file, which can persist potentially sensitive inputs. The discrepancy between broad, networked behavior in docs and local stub behavior in code is a scope mismatch.
Install Mechanism
There is no install spec (instruction-only install) which is lower risk. However a code file is included (scripts/run.py) that will execute if the agent runs it; the code writes files into the workspace (memory/...), creating persistent artifacts. No third-party downloads or external installers are used.
Credentials
SKILL.md explicitly requires TOOLROUTER_API_KEY in the environment, but the registry metadata lists no required environment variables or primary credential — that's an inconsistency. Aside from the single API key, no unrelated credentials are requested. Still, the omission in the manifest means automated permission checks might not surface the fact that this skill expects a secret.
Persistence & Privilege
The skill does not request always:true or system-wide privileges. It does create and append to files in the agent's current workspace (memory/toolrouter-cache.jsonl and memory/toolrouter-usage.jsonl and possibly toolrouter-gateway-config.json). Those files can persist inputs and usage logs locally; if the skill were extended to call external endpoints, those logs could be sensitive.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install toolrouter-gateway - After installation, invoke the skill by name or use
/toolrouter-gateway - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — unified access to 150+ tools with caching and usage tracking
Metadata
Frequently Asked Questions
What is ToolRouter Gateway?
Unified access to 150+ tools via ToolRouter API. Dynamically exposes research, security scanning, video production, web extraction, and more as native OpenCl... It is an AI Agent Skill for Claude Code / OpenClaw, with 123 downloads so far.
How do I install ToolRouter Gateway?
Run "/install toolrouter-gateway" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ToolRouter Gateway free?
Yes, ToolRouter Gateway is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ToolRouter Gateway support?
ToolRouter Gateway is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ToolRouter Gateway?
It is built and maintained by NeroAgent (@neroagent); the current version is v1.0.0.
More Skills