openrouter-oauth

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a standard OAuth 2.0 PKCE (Proof Key for Code Exchange) flow, which is a secure method for authentication in public clients (like web browsers) without requiring client secrets.
  • [SAFE]: All external communication is directed to the official 'openrouter.ai' domain, which belongs to the skill's authoring organization (openrouterteam). These are legitimate vendor resources.
  • [SAFE]: Cryptographic functions for generating the code verifier and challenge utilize the native browser Web Crypto API (crypto.getRandomValues and crypto.subtle.digest), ensuring high-entropy randomness and secure hashing.
  • [SAFE]: The storage of API keys in localStorage and code verifiers in sessionStorage follows established web development patterns for maintaining authentication state and securing the OAuth handshake.
  • [SAFE]: The skill does not include any external script downloads, remote code execution patterns, or obfuscated content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:20 PM