openhands-api
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's Python and TypeScript clients perform network requests to 'https://app.all-hands.dev' to interact with the OpenHands Cloud API. This communication is essential for the skill's purpose and targets the vendor's official domain.
- [COMMAND_EXECUTION]: The client libraries include methods ('agent_execute_bash') that allow for shell command execution. This execution occurs within the remote OpenHands sandbox environment as part of the intended management workflow and does not pose a risk to the local host.
- [CREDENTIALS_UNSAFE]: The skill implements secure credential handling by retrieving API keys from environment variables ('OPENHANDS_CLOUD_API_KEY', 'OPENHANDS_API_KEY') rather than using hardcoded values. This aligns with standard security practices for API clients.
- [PROMPT_INJECTION]: The skill processes data returned from the API, such as conversation events, which introduces a potential surface for indirect prompt injection. However, this is a known risk factor inherent to the skill's primary function of monitoring and interacting with agent environments, and no specific malicious injection patterns were found.
- [SAFE]: The skill is a legitimate reference implementation for the OpenHands Cloud API, provided by the vendor 'openhands', with no evidence of obfuscation or malicious intent.