Skill v1.0.9

ClawScan security

Free Ride - Unlimited free AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 6:15 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code mostly matches its stated purpose (managing OpenRouter free models), but it silently modifies the OpenClaw config beyond the keys the README/SKILL.md promise to touch, and it includes an optional daemon that runs on a schedule and uses your API key(s).
Guidance
This skill appears to do what it says (manage OpenRouter free models) and needs only your OpenRouter API key(s). Before installing:
1) Back up ~/.openclaw/openclaw.json; the skill reads and modifies it.
2) Note that the implementation adds an OpenRouter auth profile to your OpenClaw config (not highlighted in SKILL.md) and creates cache and watcher state files under ~/.openclaw.
3) If you enable the freeride-watcher daemon, it will periodically use your key(s) to probe and rotate models. Enable it only if you trust the code and your keys.
If you are unsure, inspect the included Python files locally (main.py and watcher.py) or run the commands manually without the daemon. Overall: coherent functionality, but the docs understate some config changes and the daemon behavior, so proceed with caution.
Findings
[no_findings] expected: No pre-scan injection signals were detected. The code performs network requests to openrouter.ai and filesystem reads/writes under ~/.openclaw, which are expected for this skill.

Review Dimensions

Purpose & Capability
note: The name, description, requested network access (openrouter.ai) and the single secret (OPENROUTER_API_KEY) align with a tool that lists, ranks, and configures OpenRouter free models. However, SKILL.md claims FreeRide "preserves everything else" and writes only agents.defaults.model and agents.defaults.models, while the code's setup_openrouter_auth() adds an auth profile under config['auth']['profiles'] if one is missing. That is a functional change to the OpenClaw config that the docs do not state.
Instruction Scope
note: The runtime instructions (set OPENROUTER_API_KEY, pip install -e ., run 'freeride auto', restart the gateway) are appropriate. The code reads the full OpenClaw config (~/.openclaw/openclaw.json) and may write cache and watcher state files (declared in SKILL.md). The mismatch is that SKILL.md explicitly promises to touch only certain keys, but the implementation also ensures an OpenRouter auth profile is present (modifying config['auth']). This is scope creep relative to the documentation and should be disclosed to users.
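The backup step in the Guidance and the key-path mismatch described under Purpose & Capability and Instruction Scope can be checked mechanically: snapshot openclaw.json before running 'freeride auto', snapshot it again afterwards, and diff the two against the key paths SKILL.md promises to write. The script below is an added example written for this report; it is not code from the Free Ride skill or from ClawHub. The two config snapshots, the shape of the auth profile entry, and the helper names are constructed assumptions for illustration; the only facts taken from the report are the allowed paths (agents.defaults.model, agents.defaults.models) and that the skill also writes under auth.profiles.

```python
"""Diff two OpenClaw config snapshots and flag writes outside a documented key set.

Added example for this scan report, not code from the Free Ride skill or ClawHub.
Real usage: load_config('openclaw.json.bak') and load_config('~/.openclaw/openclaw.json')
taken before and after running the skill. The snapshots below are constructed.
"""
import copy
import json
import os
from typing import Any, Iterable

# Key paths SKILL.md says the skill may write (per the scan report).
ALLOWED_PATHS = frozenset({
    "agents.defaults.model",
    "agents.defaults.models",
})

# Any changed path containing one of these segments is printed redacted,
# since auth profiles may hold API keys stored in the config.
SECRET_HINTS = ("auth", "key", "token", "secret")


def load_config(path: str) -> dict:
    """Read a JSON config file (tilde-expanded)."""
    with open(os.path.expanduser(path), encoding="utf-8") as f:
        return json.load(f)


def flatten(obj: Any, prefix: str = "") -> dict[str, Any]:
    """Flatten nested dicts into {'a.b.c': leaf}. Lists are leaves so a
    whole model list compares as one value."""
    out: dict[str, Any] = {}
    if isinstance(obj, dict) and obj:
        for k, v in obj.items():
            path = f"{prefix}.{k}" if prefix else str(k)
            out.update(flatten(v, path))
    else:
        out[prefix] = obj
    return out


def changed_paths(before: dict, after: dict) -> dict[str, tuple[Any, Any]]:
    """Return {path: (old, new)} for every leaf added, removed or altered."""
    b, a = flatten(before), flatten(after)
    absent = "<absent>"
    return {
        p: (b.get(p, absent), a.get(p, absent))
        for p in sorted(set(b) | set(a))
        if b.get(p, absent) != a.get(p, absent)
    }


def is_allowed(path: str, allowed: Iterable[str] = ALLOWED_PATHS) -> bool:
    """A path is documented if it equals an allowed path or sits under one."""
    return any(path == p or path.startswith(p + ".") for p in allowed)


def undisclosed_writes(before: dict, after: dict) -> dict[str, tuple[Any, Any]]:
    """Changes the skill made that its documentation does not disclose."""
    return {p: v for p, v in changed_paths(before, after).items() if not is_allowed(p)}


def render(diff: dict[str, tuple[Any, Any]]) -> list[str]:
    """Human-readable lines, with values under secret-looking paths masked."""
    lines = []
    for path, (old, new) in diff.items():
        if any(h in path.lower() for h in SECRET_HINTS):
            old, new = "<redacted>", "<redacted>"
        lines.append(f"{path}: {old!r} -> {new!r}")
    return lines


# Constructed sample snapshots (assumed layout, not real OpenClaw files).
BEFORE = {
    "agents": {"defaults": {"model": "some-provider/old-model", "models": []}},
    "gateway": {"port": 8080},
}
AFTER = copy.deepcopy(BEFORE)
AFTER["agents"]["defaults"]["model"] = "openrouter/free-model-a"
AFTER["agents"]["defaults"]["models"] = ["openrouter/free-model-a", "openrouter/free-model-b"]
# The write the report says SKILL.md does not mention (profile shape is assumed):
AFTER["auth"] = {"profiles": {"openrouter": {"provider": "openrouter",
                                             "api_key_env": "OPENROUTER_API_KEY"}}}

if __name__ == "__main__":
    print("all changes:")
    print("\n".join(render(changed_paths(BEFORE, AFTER))))
    print("\nundisclosed:")
    print("\n".join(render(undisclosed_writes(BEFORE, AFTER))))
```

Run against real snapshots, any line under "undisclosed" is a write the documentation did not promise; for this skill the report predicts entries under auth.profiles. Lists are compared as single values on purpose, so a reordered or extended agents.defaults.models shows as one allowed change rather than a spray of index paths.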
Install Mechanism
ok: Install is via local pip (pip install -e .) from the package included in the skill; setup.py depends only on requests. No remote or arbitrary downloads and no obscure URLs are used. skill.json contains an install helper (npx clawhub...), but nothing in the files indicates high-risk install behavior.
Credentials
ok: Only OPENROUTER_API_KEY is required (from the environment or stored in the OpenClaw config), which matches the skill's purpose. The code supports multiple keys (a JSON array) for rotation, which is reasonable for a tool intended to handle rate limits. No other secrets or unrelated credentials are requested.
Persistence & Privilege
note: The skill does not request always:true and is user-invocable. It creates and updates files under ~/.openclaw (openclaw.json, .freeride-cache.json, .freeride-watcher-state.json). The watcher can run as a daemon and periodically makes network requests with your API key(s) to probe models and rotate them. This long-running behavior is expected for auto-rotation, but it increases the blast radius if the keys are compromised or misused; users should be aware of it before enabling the daemon.