EdgeBets

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent about being a paid sports simulation SDK, but it asks agents to use a Solana private key and automatically sends real USDC when simulations run.

Install only if you are comfortable giving the skill access to a Solana wallet that can spend USDC. Use a dedicated low-balance wallet, verify the $1.00 USDC charge and treasury address before each paid simulation, and avoid putting a primary wallet private key into agent environment variables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions while clearly depending on network access to reach external APIs and payment infrastructure. This mismatch weakens user and platform visibility into what the skill can do, which is especially concerning because it also interacts with a wallet-backed payment flow.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The description focuses on sports simulations, but the documented behavior also includes wallet balance checks, transaction signing, on-chain USDC payments, x402 payment proof submission, and access to betting picks/track record features. This broader financial and credential-handling behavior materially changes the risk profile and can mislead users into exposing funds or secrets under an incomplete description.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The declared purpose is sports betting simulation, but the API surface also introduces wallet/payment configuration and transaction signing to charge users. This broadens the trust boundary from analytics into financial operations, creating undisclosed monetary risk and making the skill more dangerous than its description suggests.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
Methods such as simulate(), checkBalance(), getQuote(), getTreasuryWallet(), and wallet checks show that the client is not a pure analysis SDK but also a payment-capable financial client. In an agent-skill context, hidden payment capability materially increases the chance of unintended asset transfers or user deception.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Accepting a Keypair or wallet adapter with transaction-signing methods gives the skill the ability to authorize blockchain transactions, which is highly sensitive for a sports simulation tool. Even if intended for legitimate payments, exposing signing capability enables monetary actions far beyond passive analysis and raises the blast radius of any misuse or compromise.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The createClient(secretKey, ...) helper encourages direct handling of wallet secret keys by the SDK consumer, concentrating highly sensitive credentials in application memory and developer workflows. In an agent setting, this is especially dangerous because it normalizes passing private key material into a third-party skill for a non-essential feature.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The documentation says a simulation costs $0.50 USDC, while exported constants define a price of 1 USDC. Price mismatches in payment flows can mislead users about charges, undermine informed consent, and create overbilling or dispute risk.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The example advertises a $0.50 simulation while the SDK exports 1 USDC as the configured price. In a paid blockchain flow, inaccurate examples can cause users or integrators to approve transactions under false assumptions about cost.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
This skill can directly initiate on-chain USDC transfers from a configured wallet to a hard-coded treasury address, which is a real financial-action capability. That is risky because the manifest frames the skill as simulation-focused, while the implementation can spend user funds; in an agent setting, users or integrators may not realize they are granting payment authority to untrusted code.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill is presented as a sports betting simulation client, but it also performs real wallet balance checks and initiates on-chain USDC payments. That is a materially more sensitive capability than simulation alone, and users or calling agents could invoke it without appreciating that real funds will move.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code constructs and submits a real SPL token transfer of USDC to a hard-coded treasury wallet, then uses that payment proof to access the remote service. A hard-coded recipient combined with automatic payment inside the simulation flow creates a direct fund-transfer risk if users, wrappers, or agents invoke the method expecting analysis rather than spending money.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This file implements real payment processing, wallet access, token balance checks, and USDC transfer logic, which materially exceeds a stated purpose of 'sports betting simulations.' In an agent-skill context, hidden or weakly justified payment functionality is dangerous because it enables transfer of user funds under a benign-seeming description, increasing the risk of deceptive monetization or unauthorized payment flows.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code can read wallet public keys, inspect balances, sign transactions, and transfer USDC to a treasury wallet, but those capabilities are not justified by the skill description of Monte Carlo sports betting simulations. In this context, the mismatch makes the code more dangerous because users or reviewers may not expect financial permissions, which can enable social engineering or covert monetization.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README instructs users to read a raw Solana secret key directly from a local JSON file and construct a signing keypair from it, but it does not warn that this material is highly sensitive or recommend safer key-management practices. In an agent-integration context, this pattern increases the chance that developers wire plaintext private keys into automation, logs, containers, or prompts, which can lead to irreversible wallet compromise and unauthorized USDC transfers.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs users to place a Solana private key into an environment variable without an explicit warning that this credential grants control over wallet funds. Encouraging direct private-key handling in setup documentation increases the chance of credential leakage, accidental logging, or unsafe reuse in agent environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Exposing secret-key-based client creation without strong warnings or strict confinement promotes unsafe credential handling practices. This can lead developers to embed, log, persist, or transmit private keys in environments where a sports simulation SDK should not need such direct access.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The sendPayment path performs a USDC transfer once invoked, but this code contains no user-facing warning, transaction review step, recipient verification prompt, or explicit confirmation gate before signing/sending. In a skill framed as a simulation tool, that absence is especially risky because users may not anticipate that invoking the feature triggers a real asset transfer to a treasury wallet.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The simulate() flow unconditionally calls paymentService.sendPayment() before the user is shown the quoted price, recipient, network, or asked to approve the charge. In a betting/payment context, this can cause unauthorized or unexpected USDC transfers if the API price changes, the endpoint is misconfigured, or the method is invoked by higher-level code without clear user consent.

VirusTotal

66/66 vendors flagged this skill as clean.
