Skill v1.0.8

ClawScan security

FreeRide Prefix Fix - Free AI for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Verdict: suspicious
Scanned: Apr 5, 2026, 1:35 PM
Confidence: medium
Model: gpt-5-mini
Summary
The code and instructions largely fit the stated purpose (fixing OpenRouter prefix handling and configuring free fallbacks), but there are multiple metadata and packaging inconsistencies and one behaviour (scanning other OpenClaw agent auth files) that deserve explanation before installing.
Guidance
What to check before installing:

- Metadata mismatches: the registry summary said there are no required env vars, but SKILL.md and skill.json require OPENROUTER_API_KEY, so plan to supply that key. Also, the README/SKILL.md command names (freeride, freeride-fix) do not match the setup.py entry_points and skill.json. Expect to run 'pip install -e .' locally and confirm which console script names were actually installed.
- Key auto-detection: the code will try to locate an OpenRouter key in ~/.openclaw/openclaw.json and in ~/.openclaw/agents/*/agent/auth-profiles.json. This is convenient, but it means the skill will read other agent auth files in your OpenClaw workspace; if you keep secrets there, you should be comfortable with this behavior.
- Back up your OpenClaw config: the tool modifies ~/.openclaw/openclaw.json (agents.defaults.model and models). Back up that file before running so you can restore your prior configuration if needed.
- Review/run locally first: pip-installing from local source is low-risk, but inspect setup.py/entry_points to confirm the console script names and entry points. Run the commands with read-only options (e.g., 'freeride list') before 'auto' to see what it would change.
- Watcher behavior: the watcher can run continuously and will call the OpenRouter API to test models and rotate configs. Only run it as a daemon if you want automatic rotations and accept periodic API calls.
- Source trust: this is a community fork with source included. If you don't trust the uploader, obtain the original upstream repo (the author is credited) or review the repository history and commit author. The code presented performs the network and file I/O expected for the feature and contains no obvious exfiltration endpoints, but the metadata/packaging inconsistencies warrant extra caution.
If you want, I can extract the exact console-scripts installed by setup.py, point out the precise lines that read auth-profiles.json, or produce a short checklist of commands to safely test the skill without making persistent config changes.

Review Dimensions

Purpose & Capability
note: The skill's code (main.py, watcher.py) implements exactly the advertised behavior: it queries OpenRouter, ranks free models, updates ~/.openclaw/openclaw.json, and optionally runs a watcher to rotate models. However, registry-level metadata provided at the top of the report claims 'Required env vars: none' while the SKILL.md and skill.json both require OPENROUTER_API_KEY. Also, packaging/CLI name mismatches exist (README/SKILL.md refer to 'freeride-fix' but setup.py/egg-info install console scripts 'freeride' and 'freeride-watcher'; skill.json claims binaries with a '-fix' suffix). These inconsistencies are not obviously malicious but are incoherent and could confuse users during install.
Instruction Scope
ok: Runtime instructions tell the user to set OPENROUTER_API_KEY, pip install the package, and restart OpenClaw. The contained code reads/writes only files under the user's ~/.openclaw directory (openclaw.json, watcher and cache/state files) and makes API calls to OpenRouter. That is within the stated purpose (configuring OpenClaw and probing OpenRouter models). One thing to note: get_api_key() intentionally attempts to auto-detect keys by scanning ~/.openclaw/agents/*/agent/auth-profiles.json; this reads other agent auth files to find an OpenRouter key. It is functionally convenient but sensitive, because it reads other stored credentials in the OpenClaw workspace (it filters for provider == 'openrouter').
Install Mechanism
ok: No remote downloads or obscure installers are used. The recommended install is 'pip install -e .' from the skill folder (a local editable install), and the package only depends on requests. setup.py and requirements.txt are present. This is a standard, low-risk install mechanism assuming the package source is trusted. The lack of a centralized install spec in the registry (no install field, or contradictory guidance) is a packaging/metadata mismatch but not a direct install risk.
Credentials
concern: The skill legitimately needs an OpenRouter API key to call the OpenRouter API; skill.json and SKILL.md declare OPENROUTER_API_KEY as required. The top-level registry metadata saying 'Required env vars: none' is inconsistent and should be corrected. Additionally, the tool will try to auto-detect an OpenRouter key by reading the OpenClaw config and the auth-profiles in ~/.openclaw/agents/*/agent/auth-profiles.json; while the code filters for provider == 'openrouter', this behavior reads other files that may contain credentials. Users should be aware the skill will attempt to find and use keys stored elsewhere in their OpenClaw workspace.
Persistence & Privilege
note: The skill does not request 'always: true' and is user-invocable only. It writes state/cache files under ~/.openclaw and modifies ~/.openclaw/openclaw.json to change agents.defaults.model/models, which is exactly its purpose. It also provides a watcher that can be run as a daemon (the user must start it). Nothing in the package attempts to change other skills or system-wide agent settings outside the stated OpenClaw config path.