Free Ride 1
v1.0.0Manages free AI models from OpenRouter for OpenClaw. Automatically ranks models by quality, configures fallbacks for rate-limit handling, and updates opencla...
⭐ 1· 106·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description (manage free OpenRouter models and configure fallbacks) align with the bundled code and runtime instructions. It legitimately needs an OpenRouter API key and access to OpenClaw's config (~/.openclaw/openclaw.json) to perform its work. However, the top-level registry metadata included with the submission claims no required env vars or config paths, while skill.json, SKILL.md, and the Python code clearly require OPENROUTER_API_KEY and reference ~/.openclaw/openclaw.json — this metadata mismatch is an incoherence to be aware of.
Instruction Scope
SKILL.md instructs the agent to install the package locally, set OPENROUTER_API_KEY, run 'freeride' commands, and restart the OpenClaw gateway. The code and instructions only read and modify the OpenClaw config, cache and state files under ~/.openclaw, and call OpenRouter APIs — all within the announced scope. The watcher optionally runs as a daemon and performs periodic health checks; it is explicit and user-invocable.
Install Mechanism
There is no platform install spec in the registry entry (instruction-only), but the package includes setup.py and SKILL.md / README instruct using 'pip install -e .' from the local skill directory. That installs local console scripts (freeride, freeride-watcher) via setuptools. This is a common and expected install method, but the registry metadata omission (no install spec) is inconsistent with the packaged setup.py and recommended install steps.
Credentials
The code requires a single credential: OPENROUTER_API_KEY, which is appropriate for calling OpenRouter and is declared in skill.json and explained in SKILL.md. The initial registry summary incorrectly listed no required env vars — an inconsistency. The skill reads/writes only OpenClaw-related config and per-skill cache/state files under ~/.openclaw, which is proportionate to its purpose.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It can be run as a background watcher/daemon if the user chooses; this creates state files under ~/.openclaw for rate-limit tracking and rotation history, which is reasonable for its stated functionality. It does not attempt to modify other skills or system-wide settings beyond the OpenClaw config it is designed to manage.
Assessment
This skill appears to do what it says: it fetches free models from OpenRouter using your OPENROUTER_API_KEY, ranks them, and updates ~/.openclaw/openclaw.json to set primary and fallback models. Before installing: 1) Note the metadata mismatch — the registry summary omitted the required OPENROUTER_API_KEY and config path; treat the skill.json/SKILL.md as authoritative. 2) Back up ~/.openclaw/openclaw.json so you can restore your original config if needed. 3) Only provide an OpenRouter API key you control (no broader credentials are required). 4) Inspect the package locally before running pip install -e . If you run the watcher daemon, understand it will periodically call OpenRouter (using your key) and update your config; run it only if you want an automated rotation service. Overall the package is coherent with its purpose, but the metadata inconsistencies and the fact it will modify your OpenClaw config and run network calls warrant the usual caution and review before installation.Like a lobster shell, security has layers — review code before you run it.
latestvk9740wwf34ezs2hnamrsgxe9k183n6f5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.