openrouter-models
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Requests are made to openrouter.ai to fetch model data and provider performance metrics. This is standard functionality for the skill and targets a well-known service domain.
- [CREDENTIALS_UNSAFE]: The skill manages the OPENROUTER_API_KEY using environment variables, avoiding the use of hardcoded secrets or unsafe storage practices.
- [DATA_EXFILTRATION]: No unauthorized data transmission was detected. Communication is limited to sending necessary API parameters to the official OpenRouter endpoints.
- [COMMAND_EXECUTION]: Logic within the TypeScript scripts handles command-line arguments securely, preventing shell injection or unauthorized command execution.
Audit Metadata