FootyClaw: AI Quant Betting Agent

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed football betting-analysis helper that uses an odds API key and conversation memory, with no evidence of hidden betting actions or data exfiltration.

Install only if you are comfortable configuring a The Odds API key, using API quota for odds scans, and keeping bankroll or betting ledger details in the agent context. Treat staking outputs as informational analysis, independently verify odds and assumptions, and do not rely on the skill as financial advice.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill advertises many generic trigger phrases such as asking for tonight's matches, odds, betting opportunities, or bookkeeping updates. Broad triggers increase the chance of accidental invocation in unrelated conversations, which can cause unintended network access, betting recommendations, or use of sensitive session memory like bankroll and partner-share data. In this context, unintended invocation is somewhat more dangerous because the skill performs finance/gambling-related analysis and may act on remembered monetary data.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal