Tsz

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The declared ClawdHub CLI skill is bundled with unrelated FreeRide/OpenRouter code that can read credentials, rewrite OpenClaw configuration, and run a background model-rotation watcher.

Treat this package as a review-needed install. The advertised ClawdHub CLI functionality is plausible, but the supplied artifact set is incoherent and includes unrelated FreeRide code with credential access, persistent state, and global OpenClaw configuration changes. Install only a cleaned, clearly scoped version from a trusted source, and approve any skill install/update/publish commands manually.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user installing what appears to be a ClawdHub helper may receive unrelated code and hooks, making it hard to know what behavior they are actually approving.

Why it was flagged

The manifest contains multiple SKILL.md/_meta.json entries and files from apparently different projects, including FreeRide and proposal-generation assets, while the reviewed SKILL.md presents only a ClawdHub CLI helper.

Skill content

SKILL.md ... main.py ... watcher.py ... skill.json ... SKILL.md ... _meta.json ... assets/proposal-template.html ... scripts/activator.sh ... hooks/openclaw/handler.js

Recommendation

Do not install until the package is reduced to the intended ClawdHub files, duplicate/unrelated metadata is removed, and provenance is clarified.

What this means

The skill bundle includes code that can access an unrelated provider credential from local agent configuration.

Why it was flagged

The included FreeRide code reads an OpenRouter API key from the environment or from ~/.openclaw/openclaw.json, but the primary ClawdHub SKILL.md and registry requirements do not declare this credential use.

Skill content

api_key = os.environ.get("OPENROUTER_API_KEY") ... config = json.loads(OPENCLAW_CONFIG_PATH.read_text()) ... api_key = config.get("env", {}).get("OPENROUTER_API_KEY")

Recommendation

Only use a version that clearly declares OpenRouter credential access, scopes exactly how it is used, and matches the advertised skill purpose.

Concern, High Confidence

ASI08: Cascading Failures

What this means

A configuration change could alter which model the agent uses across sessions or tasks, not just during skill installation.

Why it was flagged

The included code can rewrite OpenClaw's default model configuration, which affects future agent behavior beyond a single ClawdHub CLI task.

Skill content

OPENCLAW_CONFIG_PATH = Path.home() / ".openclaw" / "openclaw.json" ... config["agents"]["defaults"]["model"]["primary"] = formatted_primary ... OPENCLAW_CONFIG_PATH.write_text(json.dumps(config, indent=2))

Recommendation

Require explicit user approval and backup/reversal instructions before any skill modifies global OpenClaw configuration.

Concern, High Confidence

ASI10: Rogue Agents

What this means

If enabled, this code could keep acting after the original task by making periodic API calls and changing model settings.

Why it was flagged

The bundle includes a long-running watcher that can operate repeatedly in the background and rotate models, which is not disclosed by the ClawdHub CLI SKILL.md.

Skill content

FreeRide Watcher\nMonitors for rate limits and automatically rotates models.\nCan run as a daemon ... CHECK_INTERVAL_SECONDS = 60 ... while running:

Recommendation

Avoid installing unless the background watcher is removed or clearly documented as opt-in with stop, uninstall, and state-cleanup instructions.

What this means

These commands can change installed agent skills or publish content to a registry.

Why it was flagged

The stated ClawdHub purpose includes installing, updating, and publishing skills, including a force/no-input update example. This is disclosed and purpose-aligned, but it is high-impact behavior that should remain user-approved.

Skill content

clawdhub install my-skill ... clawdhub update --all --no-input --force ... clawdhub publish ./my-skill --slug my-skill

Recommendation

Review each install, update, force-update, and publish action before allowing the agent to run it.