ClawHub

FreeRide Prefix Fix - Free AI for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill mostly does what it advertises, but it reads saved OpenRouter keys from local OpenClaw agent profiles and rewrites OpenClaw model settings, so it should be reviewed before use.

Review before installing. Only use this skill if you are comfortable with it reading saved OpenRouter credentials from local OpenClaw agent profile files and persistently changing your OpenClaw model configuration. Back up ~/.openclaw/openclaw.json first, verify which CLI names were installed, and prefer an explicit OPENROUTER_API_KEY with appropriate file and shell-history hygiene.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill searches unrelated local auth-profile files under ~/.openclaw/agents to recover an OpenRouter key, expanding its access beyond the minimum needed for model selection. This is dangerous because it silently harvests credentials from other agent contexts and can operate with secrets the user did not intend to expose to this tool.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README instructs users to place an OpenRouter API key in an environment variable or persisted OpenClaw config, but gives no warning about secure storage, shell history exposure, config file permissions, or accidental commit/logging risks. This is a real credential-handling weakness in documentation because users may store secrets unsafely and later leak them through local files, screenshots, backups, or repository commits.

Missing User Warnings

Medium
Confidence
76% confidence
Finding
The README markets `freeride auto` as a one-command setup that updates model configuration and later instructs users to restart OpenClaw, but it does not clearly warn up front that the tool will modify local agent configuration and affect runtime behavior. This can lead to unintended service changes, disruption, or overwriting user expectations, especially in multi-agent or shared environments.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to export or persist an API key into OpenClaw configuration without any warning about secure secret handling, exposure risks, or least-privilege practices. Persisting a live credential in tool configuration can increase the chance of accidental disclosure through config dumps, backups, logs, screenshots, or shared environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill reads OpenRouter credentials from environment variables, the main config, and agent auth files without a clear warning or consent prompt. In a skill context, silent secret discovery is risky because users may not expect a model-selection utility to enumerate multiple local secret sources.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill writes directly to ~/.openclaw/openclaw.json and can overwrite model and auth-related configuration without confirmation, backup, or diff display. This is dangerous because a user running the tool can unintentionally alter agent behavior and persistence settings in a way that is hard to notice or recover from.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
97% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal