ModelPool (Free)
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: modelpool-free Version: 1.0.3 The ModelPool bundle is a utility for managing free AI models from OpenRouter within the OpenClaw environment. The core logic in `freeswitch.py` and `repair.py` handles API key validation, model discovery, quality ranking, and automated configuration of the OpenClaw provider settings. It includes a diagnostic tool that checks system resources (memory, disk) and connectivity. The code uses Python's standard library to avoid external dependencies and performs legitimate configuration management and service restarts without evidence of data exfiltration, obfuscation, or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could install a package or repository whose contents do not match the scanned skill, then give that code API keys and permission to modify OpenClaw settings.
The README directs users to install external, unpinned code even though the registry has no install spec and the reviewed setup.py declares a different package name, modelpool-free. Users may run code that is not the same as the reviewed artifact.
pip install modelpool-oc ... git clone https://github.com/meilihulee/modelpool.git
Only install from a verified source that matches the reviewed files and version. The publisher should add a clear install spec, align the package names, and pin or document the trusted distribution source.
Anyone or any process with access to the user's OpenClaw config files could potentially use the stored OpenRouter keys and consume quota or account credit.
The skill saves OpenRouter API keys persistently and writes them into the OpenClaw provider configuration. This is expected for model routing, but it is sensitive credential handling.
KEYS_PATH = os.path.expanduser("~/.openclaw/modelpool_keys.json")
...
json.dump(keys_data, f, indent=2)
...
"apiKey": keyUse keys you can revoke, avoid using keys with unnecessary paid access, protect the ~/.openclaw directory, and rotate the keys if the machine or files may be exposed.
Running repair may interrupt active OpenClaw work, change configuration, or clean session state.
The repair command runs several local commands that can modify OpenClaw configuration, clean sessions, and restart the daemon. These actions are disclosed and purpose-aligned, but they are bundled into one repair workflow.
run("openclaw doctor --fix")
...
run("openclaw sessions cleanup")
...
run("openclaw daemon stop")
...
run("openclaw daemon start")Run repair only when you are comfortable with OpenClaw being restarted and session cleanup occurring. Back up important configuration before using it.
Users may overestimate what the skill can guarantee or may rely on key rotation in ways that conflict with provider limits or policies.
The wording overpromises the reliability and availability of free model access. Provider rate limits, account policies, and failures can still apply.
**One command. Unlimited free AI. No more rate limits.** ... You'll never hit a rate limit again.
Treat the quota claims as marketing, not a guarantee. Check OpenRouter's current terms and limits before creating or rotating multiple keys.