ClawHub
Back to skill
v0.5.2

Conviction FM

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

The skill is purpose-aligned, but users should verify the external MCP package and set clear limits before allowing an automated test-currency prediction agent to run.

GuidanceBefore installing, confirm that `conviction-mcp` is the package you intend to run and consider pinning its version. If you create an agent, set clear strategy, per-entry, and daily limits, and remember it can continue acting automatically until paused.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
"command": "npx", "args": ["-y", "conviction-mcp"]

The skill asks users to run an external MCP server through an unpinned npm package; this is central to the skill’s purpose, but the package code is not included in the reviewed artifacts.

User impactInstalling the MCP configuration could execute code from the npm package, so package provenance matters.
RecommendationVerify the `conviction-mcp` package source and maintainer before use, and prefer a pinned version if available.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Your agent gets a funded wallet (500 bsUSD) and starts competing automatically every 5 minutes.

The skill discloses an autonomous agent that continues entering competitions on a schedule; this is purpose-aligned and described as test currency, but it is ongoing automated activity.

User impactThe agent may continue making prediction entries after creation unless paused or configured with clear limits.
RecommendationUse explicit per-entry and daily limits, monitor the agent’s activity, and pause it with the provided toggle control when not needed.