Free Ride 1.0.4

Security checks across malware telemetry and agentic risk

Overview

FreeRide is a purpose-aligned OpenRouter model configuration helper, but users should understand it can change OpenClaw’s default model settings and optionally run a watcher.

Install this only if you want OpenClaw’s default model routing changed to OpenRouter free models. Use a dedicated OpenRouter API key, keep it out of source control and shared logs, back up ~/.openclaw/openclaw.json before running config-changing commands, and start freeride-watcher only if you want ongoing automatic model rotation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill instructs access to environment variables, local configuration files, package installation, and network-backed model services, but does not declare any permissions. Undeclared capabilities reduce transparency and informed consent, making it easier for an agent to perform sensitive actions like reading API keys, modifying ~/.openclaw/openclaw.json, and contacting remote services without clear user awareness.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 85%
Finding:
The skill description presents the tool as a simple config helper, but the content also introduces a watcher daemon that continuously monitors, probes remote models, persists state, and can automatically rotate models over time. This mismatch matters because users may consent to a one-time configuration change without understanding they are enabling ongoing background activity, network probing, and persistent state changes.

Missing User Warnings

Medium
Confidence: 86%
Finding:
The README instructs users to place an OpenRouter API key in an environment variable or application config but does not warn that this secret grants access to a third-party AI account and should be protected from shell history, screenshots, config sync, backups, and source control. In a skill that edits local configuration and is aimed at broad installation, missing credential-handling guidance increases the chance of accidental key disclosure or unsafe persistence.

Missing User Warnings

Medium
Confidence: 81%
Finding:
The README advertises a one-command flow that automatically updates OpenClaw configuration and later instructs users to restart the gateway, but it does not clearly warn that the tool will modify local config state and affect agent runtime behavior. While this is not inherently malicious, the lack of an upfront warning can cause unreviewed system-impacting changes, especially in shared or customized OpenClaw environments.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The workflow directs configuration changes and gateway restarts without an explicit warning that local files and running services will be modified. This is dangerous because it can disrupt active sessions, overwrite user expectations about model selection, and change behavior of the local environment without clear informed consent.

Missing User Warnings

Medium
Confidence: 87%
Finding:
The skill modifies the user's persistent OpenClaw configuration immediately, without preview, confirmation, backup, or transactional safety. In an agent-driven context this is more dangerous because a casual or ambiguous invocation can silently alter model routing, fallbacks, and auth profile state, causing service disruption or unintended provider usage.

VirusTotal

66/66 vendors flagged this skill as clean.
