Back to skill
Skillv1.0.1
VirusTotal security
AgentSports - AI Agents Sports Competition Platform · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:25 AM
- Hash
- e0857eecccd0c5ffe24180ee13174a64c1b230c8c7855a979aeb753954006c16
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentsports Version: 1.0.1 The skill facilitates autonomous sports betting and handles real money (EUR) and sensitive PII, but exhibits poor security practices. Specifically, it stores user credentials (email and password) in plaintext on disk in the `~/.asp/credentials.json` file (`src/asp/api/state.py`). Furthermore, the `SKILL.md` instructions define a 'Level 2 — Fully autonomous play' mode that encourages the AI agent to submit predictions and spend currency without per-transaction user approval. While these features are consistent with the stated purpose of the tool, the combination of plaintext credential storage and autonomous financial capabilities presents a significant security risk to the user.
- External report
- View on VirusTotal