Benchmarked Free Ride
v1.2.0Pick the best free OpenRouter models using live benchmark CI results. Use when: user wants performance-ranked free model recommendations, needs a model that...
⭐ 0· 77·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the requested artifacts: python3-only script that fetches a public leaderboard and writes model primary/fallback keys into ~/.openclaw/openclaw.json. There are no unexpected credential requests, unrelated binaries, or extra system paths in the manifest. Development/test files reference CI/integration tooling, but those are clearly ancillary (not required for normal operation).
Instruction Scope
SKILL.md instructs only to fetch leaderboard.json from sequrity-ai.github.io and run local CLI commands (auto/list/switch/status/fallbacks/refresh). The skill intentionally writes only the declared config keys. One noteworthy point: multiple test files and README mention Daytona and OPENROUTER_API_KEY for integration tests — those are for CI/testing and are not required by the runtime instructions or the skill itself. No instructions ask the agent to read unrelated system files or exfiltrate arbitrary data.
Install Mechanism
No install spec and the implementation uses only Python stdlib (urllib, json). The package contains source files and a standard setup.py, but there are no downloads from obscure URLs or extracted archives. This is low-risk from an install standpoint.
Credentials
The skill declares no required environment variables (correct for a public GitHub Pages data fetch). The presence of DAYTONA_API_KEY and OPENROUTER_API_KEY in the test files is expected for running integration tests and is not a runtime dependency of the skill; however users should be aware those tests will require secrets if they choose to run them. Overall, environment/credential requests are proportionate to the skill's purpose.
Persistence & Privilege
The skill does write to the user's ~/.openclaw/openclaw.json (only the documented agents.defaults.model.primary and fallbacks keys). always:false and no other elevated privileges are requested. Modifying the user's agent config is the declared purpose, so the level of persistence/privilege is appropriate; users should note this will change which model their agent uses.
Assessment
This skill is internally consistent with its stated goal, but take these practical precautions before installing: 1) Inspect the leaderboard URL yourself (https://sequrity-ai.github.io/benchmarked-free-ride-ci/api/leaderboard.json) to confirm you trust the data source. 2) Back up ~/.openclaw/openclaw.json before running 'auto' so you can restore prior settings. 3) Run 'python main.py list' first to review which :free models will be chosen. 4) If you only want to update fallbacks, use 'auto -f' to preserve your current primary. 5) The test files reference DAYTONA_API_KEY/OPENROUTER_API_KEY for CI/integration testing only — you do not need to provide those to use the skill. 6) If you want extra caution, run the skill in a sandbox or review main.py (it only uses urllib + json + file I/O) before applying changes.Like a lobster shell, security has layers — review code before you run it.
latestvk972ws0bnwhjw969v056sn04xn84g7e3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🏆 Clawdis
Binspython3