pp-openrouter

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'openrouter-pp-cli' tool using 'npx' from the '@mvanhorn' NPM namespace or 'go install' from the author's official GitHub repository. These sources belong to the verified vendor/author.
  • [DATA_EXFILTRATION]: The CLI includes a functional feature ('--deliver webhook:') that allows command output to be sent to a user-defined URL. This is a transparently documented capability for automation and workflow integration.
  • [CREDENTIALS_UNSAFE]: API keys are managed through environment variables ('OPENROUTER_API_KEY'), and the skill explicitly states that no sensitive data is persisted to the local disk, which aligns with security best practices.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 06:02 PM
Security Audit — agent-trust-hub — pp-openrouter