openrouter-typescript-sdk

The skill footprint is coherent with a legitimate TypeScript SDK designed to interface with OpenRouter via API keys or OAuth PKCE, offering a rich feature set for tool-based interactions and streaming. There are no evident download-execute supply-chain patterns, no unverifiable binaries, and credential handling is aligned with standard SDK usage (environment variables, per-request API keys). The primary risks relate to typical credential exposure in client/server apps (environment leaks, embedding keys in front-end code) and the potential for misconfiguration by integrators; otherwise, the data flows and capabilities appear proportionate to the stated purpose.