openrouter-usage

SUSPICIOUS: the stated purpose is plausible and local log access is proportionate, but the skill's actual trust boundary is an unverifiable third-party CLI that receives OpenRouter credentials. Because install provenance is unclear, distribution appears third-party/mutable, and the binary handles API keys, this is high security risk even without evidence of confirmed malicious intent.