SEEK

Security checks across malware telemetry and agentic risk

Overview

This looks like a real FreeRide/OpenRouter model manager, but it needs Review because its marketplace identity is inconsistent and it can persistently change OpenClaw routing without confirmation or rollback safeguards.

Install only if you intend to let this package change OpenClaw's default model routing. Verify that the skill you are installing is the FreeRide package you expect, back up ~/.openclaw/openclaw.json first, keep the OpenRouter key out of shared files and source control, and run freeride-watcher --daemon only if you want ongoing OpenRouter health checks and automatic model rotation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs access to environment variables, reads and writes user configuration files, and relies on network access, yet it declares no permissions. This creates a transparency and consent problem: an agent could modify OpenClaw configuration and inspect sensitive environment state without the user being clearly warned about those capabilities.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The documented behavior goes beyond simple model configuration: it references a watcher daemon, continuous monitoring, forced rotation, persistent state, and config changes that are not fully reflected in the high-level description. Hidden or under-disclosed long-running network activity and persistent config/state mutation increase the risk of unexpected API usage, background execution, and broader system changes than the user intended.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README tells users to place an API key in an environment variable or application config but does not warn that the key is sensitive, should not be committed, and should be stored using least-privilege practices. In a skill that edits local agent configuration, this increases the chance of accidental credential exposure through shell history, screenshots, shared config files, backups, or source control.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill writes directly to the user's OpenClaw configuration and changes the active primary/fallback model settings without an interactive confirmation or dry-run step. In an agent/tooling context, this can silently alter routing behavior, authentication profile usage, and model selection, creating integrity and trust risks if triggered unexpectedly or by ambiguous user intent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The fallbacks command persists model changes to the user's config file immediately, again without confirmation. Because fallback order affects future provider/model selection during failures or rate limits, a silent write can materially change system behavior in ways the user may not expect.
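One way to act on the overview's "back up ~/.openclaw/openclaw.json first" advice and to supply the confirmation and dry-run step that the last two findings say the skill lacks. This is an added example, not code from the FreeRide skill or from OpenClaw: it snapshots the config, reports which primary/fallback routing fields a proposed write would change, refuses any write that embeds a literal OpenRouter key instead of an environment reference, and only then asks for confirmation. The config layout (model.primary, model.fallbacks, providers.openrouter.apiKey) and the sk-or- key prefix are assumptions, not taken from the report; adjust them to the real file.

```python
"""Guarded write for an agent config: back up, diff routing, block inline keys.

Added example, not code from the FreeRide skill or from OpenClaw. Assumed
layout (not taken from the report): {"model": {"primary": str, "fallbacks":
[str]}, "providers": {"openrouter": {"apiKey": str}}}; OpenRouter keys are
assumed to start with "sk-or-". Adjust both to the real file.
"""
import json
import re
import shutil
import tempfile
import time
from pathlib import Path

# Config keys whose values must be an env reference, never a literal secret.
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret)$", re.IGNORECASE)
# Assumed OpenRouter key shape; a match anywhere in the config is a leak.
OPENROUTER_KEY_RE = re.compile(r"sk-or-[A-Za-z0-9_-]{8,}")
# "$OPENROUTER_API_KEY" or "${OPENROUTER_API_KEY}" is an acceptable env reference.
ENV_REF_RE = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")


def backup_config(path: Path) -> Path:
    """Copy the config to a timestamped sibling before anything touches it."""
    backup = path.with_name(f"{path.name}.{time.strftime('%Y%m%dT%H%M%S')}.bak")
    shutil.copy2(path, backup)
    return backup


def diff_routing(before: dict, after: dict) -> dict:
    """Return the primary/fallback fields a write would change as (old, new)."""
    b, a = before.get("model", {}), after.get("model", {})
    changes = {}
    for field, default in (("primary", None), ("fallbacks", [])):
        if b.get(field, default) != a.get(field, default):
            changes[field] = (b.get(field, default), a.get(field, default))
    return changes


def find_inline_secrets(node, prefix=""):
    """Walk the config and return dotted paths that hold literal credentials."""
    found = []
    if isinstance(node, dict):
        for key, val in node.items():
            path = f"{prefix}.{key}" if prefix else key
            if isinstance(val, str):
                if OPENROUTER_KEY_RE.search(val):
                    found.append(path)
                elif SECRET_KEY_RE.search(key) and val and not ENV_REF_RE.match(val):
                    found.append(path)
            else:
                found.extend(find_inline_secrets(val, path))
    elif isinstance(node, list):
        for i, val in enumerate(node):
            found.extend(find_inline_secrets(val, f"{prefix}[{i}]"))
    return found


def review_change(before: dict, after: dict) -> dict:
    """Summarise a proposed write so a human can confirm it or roll it back."""
    canonical = lambda c: json.dumps(c, sort_keys=True, separators=(",", ":"))
    return {"unchanged": canonical(before) == canonical(after),
            "routing": diff_routing(before, after),
            "inline_secrets": find_inline_secrets(after)}


def guarded_write(path: Path, new_cfg: dict, confirm) -> bool:
    """Write new_cfg only if it changes something, carries no literal key, and
    confirm(summary) returns True; a backup is taken first. True if written."""
    summary = review_change(json.loads(path.read_text()), new_cfg)
    if summary["unchanged"] or summary["inline_secrets"] or not confirm(summary):
        return False
    backup_config(path)
    path.write_text(json.dumps(new_cfg, indent=2))
    return True


def run_demo() -> dict:
    """Constructed data: a skill rotates models, then a variant pastes a key inline."""
    env_ref = {"providers": {"openrouter": {"apiKey": "${OPENROUTER_API_KEY}"}}}
    before = {"model": {"primary": "openrouter/model-a", "fallbacks": ["openrouter/model-b"]}, **env_ref}
    rotated = {"model": {"primary": "openrouter/model-c",
                         "fallbacks": ["openrouter/model-d", "openrouter/model-b"]}, **env_ref}
    leaky = json.loads(json.dumps(rotated))
    leaky["providers"]["openrouter"]["apiKey"] = "sk-or-v1-0123456789abcdef"  # constructed, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "openclaw.json"
        cfg.write_text(json.dumps(before))
        declined = guarded_write(cfg, rotated, lambda s: False)  # user says no: untouched
        leaked = guarded_write(cfg, leaky, lambda s: True)       # literal key: refused
        applied = guarded_write(cfg, rotated, lambda s: True)    # user says yes: written
        return {"declined": declined, "leak_refused": not leaked, "applied": applied,
                "backups": len(list(Path(tmp).glob("openclaw.json.*.bak"))),
                "routing": diff_routing(before, json.loads(cfg.read_text())),
                "leak_paths": find_inline_secrets(leaky)}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The confirm callback is where an interactive prompt or a --dry-run flag would go: print the routing diff and exit without writing. The secret check runs on the proposed config before the backup so that a skill which pastes the key into openclaw.json never gets a chance to persist it, and the timestamped .bak file is what a rollback restores.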

VirusTotal

66/66 vendors reported this skill as clean. A clean VirusTotal result only means that no engine matched the skill's files against known malware; it says nothing about the permission, credential-handling and silent-config-write findings above, which come from the skill's documented behaviour rather than from file scanning.