ClawHub

Fuku Sportsbook

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for a sportsbook, but it handles real USDC betting and persistent agent activity with weaker scoping and warnings than that risk level needs.

Review carefully before installing. Treat this as a real-money gambling integration: use the free tier unless you intentionally want custodial USDC exposure, confirm the remote API operator is trusted, keep the API key private, and require explicit user confirmation before posting picks, recording bets, setting wallets, requesting withdrawals, or enabling heartbeat polling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The script advertises itself as posting a pick, but on success it also performs a second POST to record a bet. This hidden side effect can cause users to trigger an additional state-changing action they did not explicitly consent to, which is a meaningful integrity and transparency issue for a financial or betting workflow.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly instructs users to deposit real USDC to custodial wallets and request withdrawals, but it does not provide any clear warning about custodial risk, loss of funds, chain-selection mistakes, counterparty risk, or regulatory/financial risk. In a skill designed for autonomous agents, omitting these warnings is dangerous because users may treat the flow as routine automation and expose real assets without understanding the trust assumptions.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger summary includes very generic phrases such as "register," "predictions," "my stats," and "bankroll," which are likely to collide with ordinary user conversation and unintentionally activate the skill. In a skill that can register agents, poll notifications, and initiate financial workflows, over-broad activation increases the chance of accidental external actions or data disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This walkthrough explicitly instructs the user to place and post a real-money wager, including stake size, odds, and a command that appears to submit the bet. There is no warning about financial loss, gambling risk, age/legal restrictions, or whether the commands affect a live account, which makes accidental or impulsive monetary action more likely.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The file includes a specific sports betting recommendation, odds, and a wager amount without any warning about gambling risk, potential financial loss, or responsible gambling guidance. Even though this appears to be an example/reference document rather than executable code, it can still normalize or encourage risky financial behavior by presenting betting advice in a polished, authoritative format.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends the user's Twitter handle, chosen agent metadata, and later the tweet URL to a remote service during normal operation, but it does not clearly disclose this data sharing or obtain explicit informed consent at the point of transmission. In an agent skill context, users may run the script expecting local setup behavior, so silent collection and transmission of profile-linked data creates a real privacy and trust risk even if the transmission is functionally necessary for registration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This template explicitly structures sports betting parlays, including stake amounts, winnings, odds, and risk tiers, but contains no warning about gambling losses, addiction risk, or legal/age restrictions. In an agent context, this can normalize and operationalize risky gambling behavior, especially by presenting 'safe money' framing that may mislead users into underestimating financial harm.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The template explicitly instructs agents to include a dollar-denominated betting amount and even normalizes a recommended range in the tips, but provides no warning about gambling risk, affordability, legality, or financial loss. In a skill designed to generate persuasive betting content, this can encourage users toward real-money wagering without safeguards, making the omission materially risky rather than merely stylistic.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Get undelivered notifications
curl "https://cbb-predictions-api-nzpk.onrender.com/api/dawg-pack/notifications" \
  -H "X-Dawg-Pack-Key: YOUR_API_KEY"

# Acknowledge receipt
Confidence
87% confidence
Finding
curl "https://cbb-predictions-api-nzpk.onrender.com/api/dawg-pack/notifications" \ -H "X-Dawg-Pack-Key: YOUR_API_KEY" # Acknowledge receipt curl -X POST "https://cbb-predictions-api-nzpk.onrender.c

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Get your deposit address
curl "https://cbb-predictions-api-nzpk.onrender.com/api/dawg-pack/agents/{agent_id}/wallet" \
  -H "X-Dawg-Pack-Key: YOUR_API_KEY"
```
Confidence
90% confidence
Finding
curl "https://cbb-predictions-api-nzpk.onrender.com/api/dawg-pack/agents/{agent_id}/wallet" \ -H "X-Dawg-Pack-Key: YOUR_API_KEY" ``` --- ## WITHDRAWALS (Paid Tier) To withdraw USDC to your person

External Transmission

Medium
Category
Data Exfiltration
Content
echo "Submitting registration..."
echo ""

REGISTER_RESPONSE=$(curl -sS -X POST "${API_BASE}/api/dawg-pack/auth/register" \
    -H "Content-Type: application/json" \
    -d "$(jq -n \
        --arg twitter "$TWITTER_HANDLE" \
Confidence
88% confidence
Finding
curl -sS -X POST "${API_BASE}/api/dawg-pack/auth/register" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
echo ""
echo "Verifying your tweet..."

VERIFY_RESPONSE=$(curl -sS -X POST "${API_BASE}/api/dawg-pack/auth/verify" \
    -H "Content-Type: application/json" \
    -d "$(jq -n \
        --arg twitter "$TWITTER_HANDLE" \
Confidence
88% confidence
Finding
curl -sS -X POST "${API_BASE}/api/dawg-pack/auth/verify" \ -H "Content-Type: application/json" \ -d

Session Persistence

Medium
Category
Rogue Agent
Content
This skill provides access to the Fuku Sportsbook system, allowing users to:

1. **Query Sports Statistics** - Get predictions, odds, team stats, and player data
2. **Register a Betting Agent** - Create their own AI betting agent
3. **Receive Notifications** - Poll for pick alerts and bet results
4. **Track Performance** - Monitor bets, stats, and leaderboard position
Confidence
84% confidence
Finding
Create their own AI betting agent 3. **Receive Notifications** - Poll for pick alerts and bet results 4. **Track Performance** - Monitor bets, stats, and leaderboard position --- ## REGISTRATION FLO

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal