Energy considerations aside, I recommend leaving it running, aside from service/maintenance like upgrades, certain configuration changes, etc.
OpenWrt and most of the hardware targeted by the system should be able to run 24/7/365 and remain rock solid. If it doesn't, there is a problem that needs to be investigated. Rebooting the device at regular intervals may keep it running smoothly, but it really just means the problem is being masked by the reboots, not solved. It's always best to troubleshoot and hopefully solve the root cause of the issue that is causing problems -- misconfigurations are a common source of such problems, or there may be bugs which should be reported and resolved at the source.
EDIT: I just checked the uptime of the OpenWrt VPN endpoint at my dad's house ~3000 miles away. It's been running for 306 days; the last downtime was likely related to a sysupgrade when I was last there. During the pandemic, I was unable to visit for ~2 years or more, so it would have had an uptime in line with that schedule (and I think that there wouldn't have even been power glitches in that time because there is a UPS + "home standby" backup generator).
There are different schools on this topic for different reasons.
The biggest reason I moved to OpenWrt was to get rid of the standard operating procedure of normal home routers, in other words “reboot whatever happens to solve whatever problem” and repeat that every day because nothing really works on some OEM firmwares.
On the other hand, the only way to clean up home router intruder bots of different types are to make a reboot, but they will come back once booted again if there is a security hole so only a reboot isn’t a long term solution anyway.
But again, I have never seen a confirmed living bot in a OpenWrt router here in the forum?
But sometimes when the ISP have done some work it seems that OpenWrt firmware have big problems getting internet on WAN working again, and the quickest way to solve this is simply to pull the plug and make a cold restart. It is possible to make a network restart also but that takes a lot longer time than simple cold reboot.
I think rebooting has nothing to do with security.
My router reboots once a day. The time and adblock are updated.
I configured the time update so that it would only be updated with a reboot, so that the router would not always keep port 123 open.
Well, for security, I blocked protocols such as igmp, icmp, pim, rdp.
And I don't advise doing this if you don't understand what you're getting into.
The hardest part is getting the router to work with blocked icmp, but I did it.
Also blocked some ports, for safety, just in case, and there are different cases.
I am one of those who are called paranoid, they offer me a tinfoil hat, but I don’t pay attention to such people, I don’t care what they think about me.
In terms of electricity, the router does not consume anything, there is no point in turning it off to save money.
In terms of security, it's up to you.
If you don't trust your smartphones, computers or TVs, then turning off the router won't help you much, you'll turn it back on anyway
After my previous response I had a check and there's an entire thread about their 'approach' to ntp. Suffice to say, like most networking related things, they had no idea what they were doing and refused to accept any advice that didn't fit their 'worldview'. It's an actual miracle they have working internet access, despite their many many attempts to break it in the pursuit of 'security'...
"Accept (forwarding) traffic from LAN to WAN - and allow forwarding between interfaces assigned to LAN zone - Outgoing from LAN interfaces Allowed - also Allow Input from LAN"
"Reject all Input on WAN and Reject Forwarding from interfaces assigned to WAN zone - Outgoing from WAN interfaces Allowed"