free

Security checks across malware telemetry and agentic risk

Overview

FreeRide is a disclosed OpenClaw/OpenRouter configuration helper, but it can change your default model settings and optionally run a background watcher.

Install this only if you want FreeRide to change OpenClaw's default model and fallback list. Use a dedicated OpenRouter key, avoid storing it in shared or committed config, back up ~/.openclaw/openclaw.json before first use, and run freeride-watcher --daemon only if you want ongoing background checks and automatic model rotation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill instructs access to environment variables, reads and writes local configuration files, and uses network-dependent tooling, yet it declares no permissions or safety boundaries. This is dangerous because users or orchestration systems cannot make an informed trust decision before the skill modifies local state or uses secrets like OPENROUTER_API_KEY.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The documented behavior goes beyond simple configuration and includes an optional watcher daemon that continuously monitors models, performs live network checks, rotates configuration automatically, and persists watcher state. This mismatch is dangerous because operators may authorize a one-time config helper but actually introduce a long-running process with autonomous network activity and ongoing config changes.

Vague Triggers

Medium
Confidence: 82%
Finding
The invocation description is broad enough to trigger on common phrases like reducing AI costs, model switching, or rate limits, which may cause the agent to run config-changing actions in situations where the user did not clearly request them. In this context, over-broad activation is risky because the skill can alter local configuration and restart the gateway.

Missing User Warnings

Medium
Confidence: 96%
Finding
The workflow directs the agent to modify ~/.openclaw/openclaw.json and restart the gateway without an explicit warning or confirmation step. This is dangerous because it changes persistent local configuration and service state, which can disrupt current sessions, override user preferences, or introduce unintended operational changes.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill writes directly to the user's OpenClaw configuration and can replace the primary model and fallback chain without any confirmation, backup, or interactive review. In an agent context, that can silently alter user settings, break existing workflows, or redirect future model usage in ways the user did not explicitly approve.

Missing User Warnings

Medium
Confidence: 89%
Finding
The manifest requires an OPENROUTER_API_KEY and describes obtaining it, but gives no disclosure about how the credential will be used, transmitted, stored, or protected. Because this skill is explicitly built to interact with OpenRouter and modify OpenClaw configuration, missing credential-handling and network-use warnings increase the risk of users exposing sensitive API keys without informed consent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The watcher rewrites the user's OpenClaw configuration automatically when it decides a model should rotate, without any interactive confirmation, dry-run mode, or explicit opt-in at the point of change. In a tool that continuously runs as a daemon or via cron, silent config mutation can unexpectedly alter model selection and fallback behavior, reducing user control and potentially causing operational or cost surprises.

VirusTotal

64/64 vendors flagged this skill as clean.
