ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Free Ride 1.0.4

v1.0.0

Manages free AI models from OpenRouter for OpenClaw. Automatically ranks models by quality, configures fallbacks for rate-limit handling, and updates opencla...

0· 308·17 current·21 all-time
byTaron M.@taron-ai

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for taron-ai/free-ride-1-0-4.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Free Ride 1.0.4" (taron-ai/free-ride-1-0-4) from ClawHub.
Skill page: https://clawhub.ai/taron-ai/free-ride-1-0-4
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install free-ride-1-0-4

ClawHub CLI

Package manager switcher

npx clawhub@latest install free-ride-1-0-4
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description (manage OpenRouter free models) aligns with the included Python code that calls openrouter.ai and updates ~/.openclaw/openclaw.json. However the registry/header metadata published with this evaluation is inconsistent: the top-level 'Requirements' block said 'Required env vars: none' while SKILL.md and skill.json clearly require OPENROUTER_API_KEY. The skill also contains install packaging (setup.py, entry points) despite the registry saying 'No install spec — this is an instruction-only skill.' These metadata mismatches reduce trust and should be resolved before install.
Instruction Scope
SKILL.md instructs the agent/user to set OPENROUTER_API_KEY, install the local freeride package (pip install -e . in ~/.openclaw/workspace/skills/free-ride), run freeride commands, and restart the OpenClaw gateway. Those actions are within the stated purpose (fetching models, ranking them, and writing OpenClaw config). The instructions ask the agent to read and write the user's OpenClaw config (~/.openclaw/openclaw.json) and to run the local CLI — expected for this functionality. Note: SKILL.md advises using openclaw config set env... which would store the API key in OpenClaw config; ensure you accept that storage location.
Install Mechanism
There is no remote binary download; installation is a local pip install of the packaged code (setup.py). That's a low-to-moderate risk pattern but the registry text earlier incorrectly said 'instruction-only'. The skill.json includes an 'install' recommendation (npx clawhub... && pip install -e .). No external archives or downloads from untrusted URLs are used in the code. Still, pip installing local code executes Python code on your machine — review files before installing.
Credentials
The only credential the code actually needs is an OpenRouter API key (OPENROUTER_API_KEY), which is proportionate to the described purpose. However, the manifest presented to you earlier claimed no required env vars while skill.json and SKILL.md require OPENROUTER_API_KEY. That mismatch should be corrected. The code reads the key from the environment or from ~/.openclaw/openclaw.json; it does not appear to request unrelated credentials.
Persistence & Privilege
The skill writes cache and state files under ~/.openclaw (cache, .freeride-watcher-state.json) and updates ~/.openclaw/openclaw.json to set primary and fallback models. 'always' is false and autonomous invocation is allowed (default). Writing the OpenClaw config and state files is expected for this feature and is scoped to the user's OpenClaw directory; it does not request system-wide or other skills' credentials.
What to consider before installing
This skill's code appears to implement what it claims (fetching free models from OpenRouter, ranking them, and updating your OpenClaw config), but there are a few red flags to check before installing: - Confirm the OPENROUTER_API_KEY requirement: SKILL.md and skill.json require it despite header metadata saying 'none'. Only provide an API key you trust and prefer one scoped/limited if possible. The code reads the key from your environment or from ~/.openclaw/openclaw.json. - Inspect the packaged files (main.py, watcher.py, setup.py, README, skill.json) locally before running pip install -e . — installing executes local code on your machine. - Backup ~/.openclaw/openclaw.json before running FreeRide so you can restore configuration if changes are unwanted. - The watcher daemon will make outbound calls to openrouter.ai and will write state and cache files under ~/.openclaw; if you want to avoid background activity, run only the CLI commands or run the watcher in a controlled environment (or as a one-shot cron job) rather than a continuous daemon. - Verify the skill's provenance: the manifest includes differing owner IDs and the package's 'install' path references the local workspace. If you care about supply-chain trust, find the GitHub repository (skill.json points to a repo) and verify the source and publisher before trusting and installing. Given the inconsistencies in metadata and packaging, proceed with caution: reasonable and expected behavior is present (verdict not 'benign'), but the metadata mismatches and local installation requirement mean you should manually review files and back up config before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fp1gw139tsdchx0k5qa6zzd82tejx
308downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
Taron M.@taron-ai
latest
Download

FreeRide - Free AI for OpenClaw

What This Skill Does

Configures OpenClaw to use free AI models from OpenRouter. Sets the best free model as primary, adds ranked fallbacks so rate limits don't interrupt the user, and preserves existing config.

Prerequisites

Before running any FreeRide command, ensure:

  1. OPENROUTER_API_KEY is set. Check with echo $OPENROUTER_API_KEY. If empty, the user must get a free key at https://openrouter.ai/keys and set it:

    export OPENROUTER_API_KEY="sk-or-v1-..."
# Or persist it:
openclaw config set env.OPENROUTER_API_KEY "sk-or-v1-..."

  2. The freeride CLI is installed. Check with which freeride. If not found:

    cd ~/.openclaw/workspace/skills/free-ride
pip install -e .

Primary Workflow

When the user wants free AI, run these steps in order:

# Step 1: Configure best free model + fallbacks
freeride auto

# Step 2: Restart gateway so OpenClaw picks up the changes
openclaw gateway restart

That's it. The user now has free AI with automatic fallback switching.

Verify by telling the user to send /status to check the active model.

Commands Reference

CommandWhen to use it
freeride autoUser wants free AI set up (most common)
freeride auto -fUser wants fallbacks but wants to keep their current primary model
freeride auto -c 10User wants more fallbacks (default is 5)
freeride listUser wants to see available free models
freeride list -n 30User wants to see all free models
freeride switch <model>User wants a specific model (e.g. freeride switch qwen3-coder)
freeride switch <model> -fAdd specific model as fallback only
freeride statusCheck current FreeRide configuration
freeride fallbacksUpdate only the fallback models
freeride refreshForce refresh the cached model list

After any command that changes config, always run openclaw gateway restart.

What It Writes to Config

FreeRide updates only these keys in ~/.openclaw/openclaw.json:

  • agents.defaults.model.primary — e.g. openrouter/qwen/qwen3-coder:free
  • agents.defaults.model.fallbacks — e.g. ["openrouter/free", "nvidia/nemotron:free", ...]
  • agents.defaults.models — allowlist so /model command shows the free models

Everything else (gateway, channels, plugins, env, customInstructions, named agents) is preserved.

The first fallback is always openrouter/free — OpenRouter's smart router that auto-picks the best available model based on the request.

Watcher (Optional)

For auto-rotation when rate limited, the user can run:

freeride-watcher --daemon    # Continuous monitoring
freeride-watcher --rotate    # Force rotate now
freeride-watcher --status    # Check rotation history

Troubleshooting

ProblemFix
freeride: command not foundcd ~/.openclaw/workspace/skills/free-ride && pip install -e .
OPENROUTER_API_KEY not setUser needs a key from https://openrouter.ai/keys
Changes not taking effectopenclaw gateway restart then /new for fresh session
Agent shows 0 tokensCheck freeride status — primary should be openrouter/<provider>/<model>:free

Comments

Loading comments...