Official Verified

rotate-openrouter-key

Safely rotate the OpenRouter API key across all config files in an OpenClaw installation. Finds every location where the key is stored, updates them, restarts the gateway, and verifies the new key works. Use when asked to "rotate openrouter key", "change openrouter api key", "update openrouter key", or "replace openrouter key".

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/chunhualiao/rotate-openrouter-key

Rotate OpenRouter Key

Safely replace the OpenRouter API key across an entire OpenClaw installation, handling all config locations, priority chains, and verification.

When to Use

  • User says "rotate my openrouter key" or "change openrouter key"
  • User reports 401 errors from OpenRouter
  • User disabled an old key and needs to set a new one
  • Periodic key rotation for security

Key Priority Chain

OpenClaw reads the OpenRouter API key from three sources, highest priority first:

  1. ~/.openclaw/.env — environment file, overrides everything
  2. ~/.openclaw/agents/<name>/agent/models.json — per-agent config
  3. ~/.openclaw/openclaw.json — global config

If a higher-priority source has the old key, updating a lower-priority file has no effect. You must update the key at whichever level it is actually being read from.
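
The priority chain above, written as a check that reports for each agent which source wins and whether that source holds the new key, without printing any key. This is an added example, not code from the skill or from OpenClaw; the key character set, the flat "apiKey" JSON shape in the sample tree and both key values are constructed assumptions.

```python
import json
import re
import tempfile
from pathlib import Path

# The sk-or-v1- prefix is from the page; the character set after it is an assumption.
KEY_RE = re.compile(r"sk-or-v1-[A-Za-z0-9_-]+")

def keys_in(path):
    """Return OpenRouter-style keys found in one config file (empty if absent)."""
    if not path.is_file():
        return []
    lines = path.read_text(errors="replace").splitlines()
    if path.name == ".env":
        # Commented-out lines are not read, same as the grep -v '^#' check.
        lines = [l for l in lines if not l.lstrip().startswith("#")]
    return KEY_RE.findall("\n".join(lines))

def audit(root, new_key):
    """Map agent name -> (winning source, True if that source holds only new_key)."""
    root = Path(root)
    env, glob_keys = keys_in(root / ".env"), keys_in(root / "openclaw.json")
    report = {}
    for agent in sorted(p for p in root.glob("agents/*") if p.is_dir()):
        chain = [(".env", env),
                 ("models.json", keys_in(agent / "agent" / "models.json")),
                 ("openclaw.json", glob_keys)]
        # The first source in priority order that holds any key wins.
        source, keys = next(((s, k) for s, k in chain if k), (None, []))
        report[agent.name] = (source, bool(keys) and all(k == new_key for k in keys))
    return report

def build_sample(root, old, new):
    """Constructed tree: global file rotated, one agent file still on the old key."""
    root = Path(root)
    for name, key in (("main", old), ("helper", None)):
        d = root / "agents" / name / "agent"
        d.mkdir(parents=True)
        # Constructed JSON shape, not OpenClaw's real schema.
        d.joinpath("models.json").write_text(json.dumps({"apiKey": key} if key else {}))
    (root / "openclaw.json").write_text(json.dumps({"apiKey": new}))
    (root / ".env").write_text(f"# OPENROUTER_API_KEY={old}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, "sk-or-v1-OLD-constructed", "sk-or-v1-NEW-constructed")
        for agent, (source, ok) in audit(tmp, "sk-or-v1-NEW-constructed").items():
            print(f"{agent}: read from {source}: {'new key' if ok else 'NOT the new key'}")
```

In the sample tree the agent "main" still resolves to the old key from its own models.json even though openclaw.json was updated, which is the case the paragraph above warns about.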

Workflow

Step 1: Get the New Key

Ask the user for the new key. It must start with sk-or-v1-.

If the user doesn't have one yet, direct them to openrouter.ai/keys to generate one.

Step 2: Find All Key Locations

# Find every file containing an OpenRouter key
grep -r "sk-or-v1" ~/.openclaw/ --include="*.json" --include=".env" -l 2>/dev/null

# Also check for uncommented key in .env
grep -v '^#' ~/.openclaw/.env 2>/dev/null | grep OPENROUTER_API_KEY

Report what you found to the user before making changes.

Step 3: Update All Locations and Verify

Run the helper script — it handles both .env and JSON files in one pass:

python3 scripts/update-openrouter-key.py --key "sk-or-v1-NEW-KEY" --verify

The script:

  • Finds all config files (.env + JSON) containing an openrouter key
  • Creates timestamped backups before each write
  • Updates only the key value (minimal change)
  • Verifies the new key against the OpenRouter API
  • Reports what it changed

Preview first with --dry-run:

python3 scripts/update-openrouter-key.py --key "sk-or-v1-NEW-KEY" --dry-run

Step 4: Restart Gateway

openclaw gateway restart

Step 5: Remote Hosts (if applicable)

If the user manages OpenClaw on other machines, repeat Steps 2-5 via SSH:

ssh <host> "grep -r 'sk-or-v1' ~/.openclaw/ --include='*.json' --include='.env' -l"

Then run the update script remotely or copy it over.

Step 6: Disable Old Key

Only after verifying the new key works everywhere, tell the user they can now safely disable/delete the old key at openrouter.ai/keys.

Scope & Boundaries

Handles: Finding, updating, and verifying OpenRouter API keys in all OpenClaw config locations.

Does NOT handle: Other provider keys (Anthropic, OpenAI). Key generation (user does that on openrouter.ai). Billing or usage issues.

Error Handling

Metadata

Stars: 3562
Views: 3
Updated: 2026-03-29
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-chunhualiao-rotate-openrouter-key": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Safety Note: ClawKit audits metadata but not runtime behavior. Use with caution.