openrouter-usage
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The function `load_api_key` in `scripts/openrouter_usage.py` is hardcoded to look for `.env` files in very specific user directories:
  - `~/Desktop/Aldea/Prompt development/Aldea-Soul-Engine/.env`
  - `~/Desktop/minoanmystery-astro/.env`

  This targeted searching for secrets in non-standard project paths is highly irregular for a general-purpose utility and constitutes a significant security risk for credential theft.
- [Credentials Unsafe] (MEDIUM): The script bypasses standard environment variable practices by implementing its own logic to crawl the filesystem for authentication tokens, which may lead to the unintended exposure of secrets from unrelated projects.
Recommendations
- AI detected serious security threats
Audit Metadata