OpenCode Free Models

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward OpenClaw/QClaw configuration helper, but users should know it makes persistent local config changes from data fetched online.

Install this only if you want OpenClaw or QClaw to use opencode.ai free models. Before running it, review or back up your existing openclaw.json because the skill can change future model routing, and be aware it contacts opencode.ai to retrieve the model list.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings (Medium severity, 85% confidence)

The README states that the skill will automatically fetch remote data and modify local configuration files, but it does not clearly warn users that their existing OpenClaw/QClaw config will be changed. This can lead to unintended configuration drift or overwriting user settings, especially because the action is presented as a simple one-line command.

Missing User Warnings (Low severity, 76% confidence)

The documentation says the skill contacts opencode.ai to retrieve model information but does not disclose the network/privacy implications. Even if the data fetched is benign, users should be informed that using the skill initiates outbound network access to a third-party service and may expose metadata such as IP address or usage timing.

Vague Triggers (Medium severity, 86% confidence)

The trigger phrase "free model" is overly generic and can activate in unrelated conversations, causing the skill to run when the user did not intend to change local AI configuration. Because the skill also performs file writes and network calls, accidental invocation increases the chance of unintended configuration changes.

Missing User Warnings (Medium severity, 97% confidence)

The skill states it will automatically modify ~/.openclaw/openclaw.json or ~/.qclaw/openclaw.json without an explicit warning or consent workflow. Silent local config modification is risky because it can alter provider settings, insert attacker-influenced remote models, and create persistent changes the user may not notice.

VirusTotal

66/66 vendors flagged this skill as clean.