openhands-api-v1
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a legitimate developer tool for interacting with OpenHands Cloud services. All network communication is directed toward official vendor endpoints or user-authorized sandbox environments.
- [COMMAND_EXECUTION]: The Python and TypeScript clients provide functionality to execute bash commands within remote OpenHands sandboxes via API calls. This is an intended core feature for managing agent environments.
- [EXTERNAL_DOWNLOADS]: Facilitates downloading conversation trajectories and specific files from official OpenHands endpoints as part of its documented purpose.
- [SAFE]: Authentication is handled following best practices using environment variables (OPENHANDS_API_KEY) and session-specific headers; no hardcoded secrets or credentials were detected.
Audit Metadata