Free Ride 1.0.5
v1.0.0Manages free AI models from OpenRouter for OpenClaw. Automatically ranks models by quality, configures fallbacks for rate-limit handling, and updates opencla...
⭐ 0· 115·7 current·7 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description match the included code and SKILL.md: it queries OpenRouter, ranks free models, and updates OpenClaw config. However there are metadata inconsistencies: the top registry summary claimed no required env vars and 'instruction-only', while the included files (skill.json, SKILL.md, main.py, watcher.py, setup.py) clearly require/openly use OPENROUTER_API_KEY and provide a Python package to install. This mismatch is likely an authoring/packaging oversight rather than malicious, but it's important to know the package is code-backed (not pure prose).
Instruction Scope
SKILL.md instructs the agent/user to install the freeride CLI (pip install -e .), set OPENROUTER_API_KEY, run `freeride auto` and restart the OpenClaw gateway. The instructions and included code access/modify ~/.openclaw/openclaw.json and create cache/state files under ~/.openclaw — which the README and code explicitly document. The skill also makes outbound calls to OpenRouter APIs (model listing and chat health checks). All of these actions are within the stated purpose, but the SKILL.md and code have broad permission to read/modify that OpenClaw config file, so the user should back it up before use.
Install Mechanism
There is no remote arbitrary download; installation is via pip (editable) using the included setup.py which installs console scripts (freeride, freeride-watcher). This will execute/setup local Python entry points — standard but execution of included code occurs during use. No high-risk remote installers or URL shorteners are used. The mismatch between the registry's 'no install spec' and the repo's setup.py is notable.
Credentials
The code and SKILL.md require OPENROUTER_API_KEY (environment or OpenClaw config) which is appropriate for contacting OpenRouter. There are no other unrelated credentials requested. That said, the registry header at the top incorrectly listed 'Required env vars: none' while skill.json and SKILL.md mark OPENROUTER_API_KEY as required — this inconsistency should be resolved by the publisher before trusting metadata blindly.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. It persists only to files under the user's home (~/.openclaw): openclaw.json, .freeride-cache.json, and .freeride-watcher-state.json. It does not attempt to modify other skills or system-wide settings beyond the OpenClaw config path it documents.
Assessment
This skill appears to do what it claims: it requires an OpenRouter API key, will make network calls to OpenRouter, and will read/modify ~/.openclaw/openclaw.json and create cache/state files under ~/.openclaw. Before installing: (1) back up ~/.openclaw/openclaw.json, (2) verify the OPENROUTER_API_KEY you provide is correct and from openrouter.ai, (3) review the included main.py and watcher.py if you want to confirm behavior (they are present in the package), and (4) be aware that installing via 'pip install -e .' will install console scripts that can run locally. Also note the repository/registry metadata is inconsistent about required env vars and install type — prefer the declarations inside skill.json / SKILL.md and the source files over the top-level summary.Like a lobster shell, security has layers — review code before you run it.
latestvk974ejdg2yd1f1vaty96h1y70983h2kw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.