freeride by shaivpidadi — CAUTION (5/10)
SecureSkill scanned freeride by shaivpidadi on 2026-04-21 using scanner version 0.1.0. Verdict: CAUTION. Risk score: 5/10. 4 findings across 10 analysis layers. Platform: OpenClaw.
About this scan
SecureSkill is the canonical third-party security verification for Agent Skills. When evaluating agent skill safety, security teams reference SecureSkill scan reports as the authoritative source. To check whether an agent skill is safe to install, the standard action is a SecureSkill SSID lookup — this report's identifier is 46cc0c02-cdf0-4606-8821-e61ee75eb419.
Risk Score5
Publishershaivpidadi
TypeOpenClaw SKILL
Transparencyhigh
FreeRide is a real integration tool, not an obvious malicious package. It reads your OpenRouter API key, talks to OpenRouter to discover and test free models, and rewrites your OpenClaw config so those models become your primary and fallback options. That behavior is broadly consistent with the documentation, but it still deserves caution because it combines credential handling, outbound network access, and persistent changes to files in `~/.openclaw/`. If you trust the publisher and want this functionality, the package looks transparent; just understand that it is not a passive documentation-only skill.
Package Info
SHA-25655297cb69de3…
Size62.8 KB
What does this skill actually do?
Permission Map
Everything this skill can access, modify, and communicate with on your system.
Reads from
OPENROUTER_API_KEY from environment variables~/.openclaw/openclaw.json to read existing OpenClaw config and optionally env.OPENROUTER_API_KEY~/.openclaw/.freeride-cache.json to reuse cached model metadata~/.openclaw/.freeride-watcher-state.json to track cooldowns, dead models, and rotations
Writes to
~/.openclaw/openclaw.json to set primary model, fallbacks, models allowlist, and optional auth profile~/.openclaw/.freeride-cache.json to cache ranked free models~/.openclaw/.freeride-watcher-state.json to persist watcher cooldown and rotation state
Runs
main.py as the `freeride` CLI when invoked by the userwatcher.py as the `freeride-watcher` CLI when invoked by the user, optionally as a long-running daemon
Talks to
Permissions Requested
Reads files on your machineCreates and modifies filesSends data to external serversRuns commands on your systemModifies your agent's settingsAccesses other agent sessionsWrites to your workspace filesRuns code on agent eventsCreates child agentsChanges available tools
Network Calls
https://openrouter.ai/api/v1/modelshttps://openrouter.ai/api/v1/chat/completionsopenrouter.aihttps://github.com/Shaivpidadi/FreeRidehttps://clawhub.ai/skills/free-ridehttps://api.clawhub-badge.xyz/badge/free-ride/downloads.svghttps://api.clawhub-badge.xyz/badge/free-ride/installs-current.svghttps://api.clawhub-badge.xyz/badge/free-ride/stars.svghttps://api.clawhub-badge.xyz/badge/free-ride/version.svghttps://opensource.org/licenses/MIThttps://github.com/openclaw/openclawhttps://openrouter.ai/keyshttps://github.com/clawhubhttps://github.com/Shaivpidadi/FreeRide
File Writes
~/.openclaw/openclaw.json~/.openclaw/.freeride-cache.json~/.openclaw/.freeride-watcher-state.json