Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Free Model Router
v1.0.1
Manages free AI models from OpenRouter for OpenClaw. Automatically ranks models by quality, configures fallbacks for rate-limit handling, and updates opencla...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill description and SKILL.md present a narrowly scoped tool that picks and rotates OpenRouter free models. The repository, however, includes multiple 'jobs' (buyer-intent-radar, outbound-builder, checkout-leak-watcher) that fetch tweets via an external CLI, crawl web pages, generate marketing DMs, and save data under ~/rick-vault. Those capabilities (lead scraping and outbound automation) are unrelated to model routing and are not disclosed in the high-level description or in SKILL.md.
Instruction Scope
SKILL.md only instructs running `freeride auto` / `freeride-watcher` and setting OPENROUTER_API_KEY. The code invoked by those commands, together with the additional job scripts, performs network calls (to the OpenRouter API and to arbitrary web pages), spawns subprocesses (xpost, openclaw system event), reads and writes the OpenClaw config (~/.openclaw/openclaw.json), and writes many files under the user's home directory (e.g., ~/.openclaw/.freeride-cache.json, ~/.openclaw/.freeride-watcher-state.json, and ~/rick-vault/*). SKILL.md does not surface the scraping/outbound behaviors or these local data sinks.
Install Mechanism
The registry summary listed 'no install spec' / 'instruction-only', but the package contains setup.py, entry_points, and explicit pip install instructions in README and SKILL.md (pip install -e .). Installing the package installs console scripts that run the included code. The install approach is an editable local install (pip install -e .), which is not high-risk by itself, but the mismatch between the packaging and the registry metadata is an incoherence the user should notice.
Credentials
The code legitimately requires OPENROUTER_API_KEY for OpenRouter calls (and skill.json declares this), but the top-level registry metadata erroneously listed no required env vars, an inconsistency. Beyond OpenRouter, the code reads and writes the user's OpenClaw config and many home-directory paths (creating and populating ~/rick-vault), which is broader local access than promised. The jobs may collect social-media content and assemble outreach drafts; that requires network and local storage access and is not justified by the stated model-routing purpose.
Persistence & Privilege
The skill does not request 'always: true', but it installs console scripts that can run a watcher daemon which persists state under ~/.openclaw and can run continuously (watcher --daemon). The watcher autonomously calls APIs and rotates models, and the other job scripts (if invoked) perform ongoing scraping and save their results. Combined with the unrelated jobs and the local file writes, this continuous/daemon capability increases the blast radius if the skill is installed without review.
What to consider before installing
This package is inconsistent: while it says it only manages OpenRouter 'free' models, the shipped code contains additional jobs that scrape social media, crawl web pages, generate outbound DMs, and store data in ~/rick-vault. Before installing or running:
1) Treat OPENROUTER_API_KEY as sensitive; use a test/restricted key and do not expose a production key until you trust the code.
2) Inspect the repository locally (you already have the files): review jobs/* to confirm you want the scraping/outreach behavior.
3) Avoid installing globally; use an isolated virtualenv or a disposable VM/container.
4) Back up your ~/.openclaw/openclaw.json before running and inspect any changes afterwards.
5) If you only want model routing, consider extracting or rewriting just the model-selection functions (main.py/watcher.py) and omitting the jobs/outbound code.
6) Confirm the publisher/source (the skill metadata and _meta.json owner differ) and prefer installing only from a trusted upstream repository.
Like a lobster shell, security has layers: review code before you run it.
