Problem
openrouter-oauth is the only skill with zero runnable scripts. Every other skill with an action component ships CLI tools agents can run directly. OAuth agents must write the entire PKCE flow from scratch, guided only by copy-paste blocks in the SKILL.md.
The SKILL.md already contains a complete, working auth module — it's just not packaged as a script.
Meanwhile, @openrouter/sdk already has:
client.oAuth.createAuthCode() — generates the PKCE auth URLclient.oAuth.exchangeAuthCodeForAPIKey() — exchanges the code for an API keyclient.apiKeys.list(), client.credits.getCredits() — key and credit management
Proposed scripts
| Script |
Purpose |
check-key.ts |
GET /auth/key — show current key metadata (label, usage, limit, rate limits) |
check-credits.ts |
GET /credits — show credit balance and usage |
These are the two endpoints this PR (#10) tried to document inline. Scripts are the right answer — not embedded JSON shapes.
The full PKCE flow is browser-side and can't be a standalone CLI, but the post-auth server-side operations (key exchange, credit checking) can and should be.
Reviewed by Perry
Problem
openrouter-oauthis the only skill with zero runnable scripts. Every other skill with an action component ships CLI tools agents can run directly. OAuth agents must write the entire PKCE flow from scratch, guided only by copy-paste blocks in the SKILL.md.The SKILL.md already contains a complete, working auth module — it's just not packaged as a script.
Meanwhile,
@openrouter/sdkalready has:client.oAuth.createAuthCode()— generates the PKCE auth URLclient.oAuth.exchangeAuthCodeForAPIKey()— exchanges the code for an API keyclient.apiKeys.list(),client.credits.getCredits()— key and credit managementProposed scripts
check-key.tsGET /auth/key— show current key metadata (label, usage, limit, rate limits)check-credits.tsGET /credits— show credit balance and usageThese are the two endpoints this PR (#10) tried to document inline. Scripts are the right answer — not embedded JSON shapes.
The full PKCE flow is browser-side and can't be a standalone CLI, but the post-auth server-side operations (key exchange, credit checking) can and should be.
Reviewed by Perry