Openrouter

Security checks across malware telemetry and agentic risk

Overview

This OpenRouter skill appears legitimate, but it gives an agent broad authenticated OpenRouter access, including API-key/account actions and raw API requests, without clear approval rules.

Install only if you trust Membrane-mediated access to your OpenRouter account. Set clear rules that the agent must ask before retrieving or displaying API keys, using raw proxy requests, spending credits, creating fine-tuning jobs, changing account settings, or sending sensitive prompts/files through OpenRouter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 84%

Finding
The skill documents direct network/proxy requests to OpenRouter endpoints and references account/API-key-related operations, but it does not explicitly instruct the agent to obtain user confirmation before performing actions that may expose sensitive account data or send prompts/content to third-party services. In this context, the omission matters because the skill is designed for live external operations and could lead to unintended disclosure of prompts, metadata, or account information.

VirusTotal

65/65 vendors flagged this skill as clean.