ClawHub

Free Ride - Unlimited free AI

Security checks across malware telemetry and agentic risk

Overview

This skill fits its stated OpenClaw/OpenRouter purpose, but it deserves review because it can change your agent’s default model routing and optionally keep doing so from a persistent background watcher.

Install only if you want this skill to manage OpenClaw’s default and fallback model configuration. Back up ~/.openclaw/openclaw.json first, keep the OpenRouter key private, and run freeride-watcher only if you knowingly want a background process that can keep changing model settings automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill description understates materially sensitive behavior: it not only ranks models and edits config, but also performs live API probing and offers a long-running watcher that can continuously make network requests and rewrite configuration. Users may consent to a one-time config helper without realizing they are enabling persistent autonomous behavior, which increases the risk of unexpected traffic, instability, or unintended changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly promotes a long-running watcher that probes models and rotates `~/.openclaw/openclaw.json` in the background, but it does not prominently warn users that this creates continuous autonomous config changes outside normal interactive workflows. In a developer-agent environment, silent background mutation of routing/config can reduce auditability, surprise users, and cause hard-to-diagnose behavior or service disruption.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger phrases are broad enough to activate on common cost- or model-related conversations, which could cause the agent to propose or run a config-changing skill when the user only wanted advice. In a system that can execute skills, loose activation increases the chance of unintended file modification and network use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The background daemon is presented as a recommendation without an equally prominent warning that it will continue making outbound requests and may repeatedly rewrite OpenClaw configuration over time. Persistent autonomous network activity and config churn can surprise users, complicate troubleshooting, and create availability or privacy concerns if enabled casually.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The watcher automatically modifies the active model configuration when health checks fail, without requiring confirmation at the moment of change. In this skill's context, that behavior is the core feature, but it still creates a security and safety risk because a background process can silently alter inference behavior, cost profile, provider selection, or reliability characteristics in ways the user may not notice immediately.

Session Persistence

Medium
Category
Rogue Agent
Content
freeride-watcher

# Background, persistent across logout
nohup freeride-watcher > ~/.openclaw/freeride-watcher.log 2>&1 &

# One-off check (no loop)
freeride-watcher --once
Confidence
88% confidence
Finding
nohup

Session Persistence

Medium
Category
Rogue Agent
Content
freeride-watcher

# Persistent background
nohup freeride-watcher > ~/.openclaw/freeride-watcher.log 2>&1 &

# One-shot check (no loop)
freeride-watcher --once
Confidence
89% confidence
Finding
nohup

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
Confidence
90% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal