Skills
skills/aaaaqwq/claude-code-skills/openrouter-usage/Gen Agent Trust Hub

openrouter-usage

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves the OpenRouter API key by reading the local agent authentication file at ~/.openclaw/agents/*/agent/auth.json or the OPENROUTER_API_KEY environment variable. This access is required for the tool to query the OpenRouter API for credit balances.
  • [DATA_EXFILTRATION]: The script reads local session logs from ~/.openclaw/agents/*/sessions/*.jsonl to calculate cost and token metrics. It performs authenticated network requests to openrouter.ai, a well-known service, to fetch account status. No data is transmitted to unauthorized or third-party endpoints.
  • [COMMAND_EXECUTION]: The install.sh script automates the installation by creating a CLI wrapper in ~/.local/bin and establishing symlinks within the OpenClaw workspace directory.
  • [SAFE]: No evidence of prompt injection, obfuscation, or persistence mechanisms was detected across the provided files.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:41 AM