Lottery
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple local lottery helper with no credential, network, or destructive behavior, though some advertised commands appear unreliable.
From a security perspective, this appears safe to install as a narrow local helper. Be aware it runs the included Bash script and creates/uses ~/.local/share/lottery, and do not rely on its check/history/stats output without verifying because parts of the implementation appear buggy.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill runs local shell commands when invoked, but the shown commands are narrow and purpose-aligned.
The skill invokes a local Bash script and standard command-line utilities to generate lottery numbers. This is expected for the stated purpose and not hidden, but users should recognize that installing it enables local script execution.
#!/usr/bin/env bash ... cmd_powerball() { echo 'Numbers: '$(shuf -i 1-69 -n 5 | sort -n | tr '\n' ' ')Install only if you are comfortable running the included Bash script; no additional mitigation is needed for the evidenced behavior.
The skill may generate or check numbers incorrectly, so a user could trust inaccurate results.
The implementation appears to use shifted positional arguments incorrectly, and the check command prints literal placeholders rather than actually comparing submitted and winning numbers. This is a reliability caveat, not evidence of malicious behavior.
shuf -i 1-${3:-49} -n ${2:-6} ... echo 'Your: $2 Winning: $3'Verify lottery picks and result checks manually or ask the maintainer to fix the argument handling before relying on these commands.