Skill v2.1.0
ClawScan security
Fuku Sportsbook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 23, 2026, 4:43 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's functionality (sports data, posting picks, depositing/withdrawing USDC) is plausible, but there are notable mismatches between what the manifest declares and what the runtime scripts actually require and do, and the code relies on third-party endpoints and custodial deposit addresses without an authoritative homepage or publisher information.
- Guidance: Key things to consider before installing or running this skill:
  - Undeclared requirements: The manifest lists no env vars or required binaries, but the shipped scripts expect curl, jq, and bc and make optional use of FUKU_API_KEY and FUKU_API_URL. Confirm those binaries are present, and understand where the API key comes from and where it is stored (~/.fuku/agent.json).
  - Network endpoints and custody: The scripts communicate with endpoints hosted on render.com (e.g., cbb-predictions-api-nzpk.onrender.com). No homepage or authoritative publisher is listed. The README and scripts enable real-money deposits (USDC) to custodial addresses controlled by the service. Do not deposit real funds until you have verified the operator's identity, legal status, and withdrawal process.
  - Credential handling: The platform issues an API key, stores it in a local file, and sends it in request headers to the remote API. Treat that key as a secret: review the code that writes and reads ~/.fuku/agent.json and understand every endpoint the key is transmitted to.
  - Test with the free tier only: Exercise the free/virtual flows first. Verify that the public endpoints (fetch_predictions, fetch_rankings, fetch_players) behave as expected and that you can register and receive an API key without depositing funds.
  - Consider permissions and autonomy: If you allow the agent to run autonomously, it may execute these scripts, including the deposit/withdraw helpers. If you are not comfortable with that, restrict autonomous invocation or require user confirmation before the skill runs any script that touches wallets or posts picks.
  - Verify the operator: Because there is no homepage and owner information is minimal, look for an independent presence for 'Fuku Sportsbook' (website, community, known operators) and validate the withdrawal path with a small test withdrawal before trusting real funds.
If you want, I can: (1) point out exact lines in specific scripts that read or write secrets, (2) extract a checklist of commands the agent will run when you say specific trigger phrases, or (3) suggest minimal edits to the skill to make required env vars and binary dependencies explicit in the manifest.
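The first two checks above (which binaries and env vars the scripts need, which hosts they contact, and where the key is read, written or sent) can be done mechanically before anything is executed. The script below is an added example written for this review, not code from the ClawScan report or from the Fuku skill; it assumes the skill's scripts are shell files ending in .sh, uses an assumed watch list of common external binaries, and audits a constructed stand-in script so that it runs offline. Point the functions at the real skill directory to get the actual findings.

```shell
#!/bin/sh
# Added example, not part of the ClawScan report or the Fuku skill's own code.
# Pre-install audit of a skill directory: greps its bundled *.sh scripts for the
# items the review found undeclared (external binaries, FUKU_* env vars, remote
# endpoints, the X-Dawg-Pack-Key header, reads/writes of ~/.fuku/agent.json)
# and checks the local key file's permissions. The script written by
# make_sample_skill is constructed here so the example runs offline; the real
# skill's script names and contents will differ.

# External binaries the scripts invoke (the candidate list is an assumption).
skill_binaries() {
    grep -howE 'curl|jq|bc|wget|openssl|python3?|node' "$1"/*.sh 2>/dev/null | sort -u
}

# Environment variables in the FUKU_ namespace that the scripts consult.
skill_env_vars() {
    grep -hoE 'FUKU_[A-Z_]+' "$1"/*.sh 2>/dev/null | sort -u
}

# Remote hosts the scripts will contact (scheme + host only).
skill_endpoints() {
    grep -hoE 'https?://[A-Za-z0-9._-]+' "$1"/*.sh 2>/dev/null | sort -u
}

# Lines that touch the stored API key: the config file or the key header.
skill_secret_sinks() {
    grep -nE 'agent\.json|X-Dawg-Pack-Key' "$1"/*.sh 2>/dev/null
}

# Binaries the scripts need that are absent from PATH on this machine.
missing_binaries() {
    for b in $(skill_binaries "$1"); do
        command -v "$b" >/dev/null 2>&1 || echo "$b"
    done
}

# Returns 0 if the key file is absent or owner-only (mode 600), 1 otherwise.
key_file_perms_ok() {
    f="${1:-$HOME/.fuku/agent.json}"
    [ -e "$f" ] || return 0
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$mode" = "600" ]
}

# Constructed stand-in for a skill script (not the Fuku skill's real code).
make_sample_skill() {
    d=$(mktemp -d)
    cat > "$d/post_pick.sh" <<'EOF'
#!/bin/sh
API_URL="${FUKU_API_URL:-https://cbb-predictions-api-nzpk.onrender.com}"
KEY="${FUKU_API_KEY:-$(jq -r .api_key ~/.fuku/agent.json)}"
stake=$(echo "$1 * 1.91" | bc)
curl -s -H "X-Dawg-Pack-Key: $KEY" -d "{\"stake\": $stake}" "$API_URL/agent/picks"
EOF
    echo "$d"
}

# Stand-alone run: audit the constructed sample and print a short report.
sample=$(make_sample_skill)
echo "binaries used:";    skill_binaries "$sample"
echo "missing on PATH:";  missing_binaries "$sample"
echo "env vars read:";    skill_env_vars "$sample"
echo "remote endpoints:"; skill_endpoints "$sample"
echo "secret sinks:";     skill_secret_sinks "$sample"
if key_file_perms_ok; then
    echo "key file: absent or mode 600"
else
    echo "key file: WARNING, readable by other users"
fi
rm -rf "$sample"
```

Anything listed under "binaries used" or "env vars read" that the manifest does not declare is the mismatch the scanner flagged; anything under "remote endpoints" that is not onrender.com or a documented Fuku host deserves a closer look, and every "secret sinks" line should be read before the key is issued.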
Review Dimensions
- Purpose & Capability (note): The skill's name/description (sportsbook, agent registration, bets, deposits/withdrawals) matches the provided scripts and README: the scripts call Fuku API endpoints, register agents, post picks, and manage deposits/withdrawals. This behavior is coherent with the stated purpose. However, the manifest declares no required environment variables or binaries even though the scripts expect tools like curl, jq, bc and optionally FUKU_API_KEY/FUKU_API_URL, an omission that reduces clarity and is worth flagging.
- Instruction Scope (concern): SKILL.md and the included scripts instruct the agent to run a number of local scripts that: (a) save and read an API key/config from ~/.fuku/agent.json, (b) call external APIs (curl to cbb-predictions-api-nzpk.onrender.com and other onrender.com URLs) for both public data and private agent endpoints, and (c) handle deposit/withdraw flows to custodial addresses. SKILL.md does not declare or call out the environment variables used in the scripts (e.g., FUKU_API_KEY, FUKU_API_URL), nor the external network endpoints that will receive potentially sensitive data (API keys, agent id). The scripts also ask the user to tweet for verification and paste URLs. While these actions are descriptively within scope, they involve credential storage and transmission to third-party endpoints and were not fully declared in the skill metadata.
- Install Mechanism (ok): No install spec or external download is included; the repo contains shell scripts bundled with the skill (no dynamic external installer). This is lower risk than arbitrary network installs. That said, the scripts will be executed locally and will call remote endpoints, so the lack of an install step does not remove the network/custody risks.
- Credentials (concern): The skill manifest claims no required environment variables, but multiple scripts read or optionally use environment variables (FUKU_API_KEY, FUKU_API_URL) and require storing an API key in ~/.fuku/agent.json. The scripts also require external tools (jq, curl, bc) that are not declared. The deposit/withdraw flow involves custodial addresses (the README explicitly says 'This is a custodial address — we manage the keys'), which is a high-impact capability: users may lose funds if the service is untrustworthy. The presence of an API key saved locally and sent in X-Dawg-Pack-Key headers to third-party endpoints should have been declared and justified in the metadata.
- Persistence & Privilege (ok): The skill is not configured 'always: true' and does not request system-wide config changes in the manifest. It does instruct writing a config file at ~/.fuku/agent.json (its own config), which is normal for this type of skill. Autonomous invocation (model-driven calls) is enabled by default; that is normal for skills and is not by itself flagged here, but if you allow autonomous agent actions you should be comfortable with the agent running the scripts that contact remote services and that may perform deposit/withdraw workflows.
