pp-openrouter

SUSPICIOUS: the skill is broadly aligned with OpenRouter introspection, but it relies on a separately installed third-party CLI from a different publisher identity than the skill author, uses unpinned install paths, forwards API credentials to that binary, and supports arbitrary webhook delivery. This looks more like a risky external-tool wrapper than confirmed malware.