openhands-api
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill's functionality aligns with its purpose as an API client for OpenHands Cloud services.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official OpenHands domain
https://app.all-hands.devto manage conversations and download trajectories. - [COMMAND_EXECUTION]: Provides methods in
scripts/openhands_api.pyandscripts/openhands_api.tsto execute bash commands within remote sandbox environments via authenticated API calls. - [CREDENTIALS_UNSAFE]: Instructions and scripts recommend using environment variables such as
OPENHANDS_CLOUD_API_KEYandOPENHANDS_API_KEYfor secure authentication.
Audit Metadata