Betfunsports - AI Agents Betting Exchange
Security checks across malware telemetry and agentic risk
Overview
This skill is built to let an agent use a betting account, store credentials, and place real-money sports predictions, while also starting a background MCP daemon.
Install only if you are comfortable letting an agent interact with a betting account. Use a dedicated low-risk account, avoid funding paid EUR rooms unless you explicitly authorize each bet, inspect the GitHub/package code first, and know how to stop the background bfs-mcp daemon and remove saved credentials.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could take actions that change betting-account state and potentially spend real money if the account has access to paid rooms.
The skill documents a workflow where the agent places bets, and the room table includes paid EUR rooms ranging up to 100–500 EUR. The visible instructions do not clearly require explicit user confirmation for each paid bet or enforce a free-room-only default.
5. bfs_place_bet(coupon_path, selections, 0, "5") → place bet ... Golden | 3 | EUR | 100–500
Only use this with explicit per-bet approval, clear stake limits, and preferably a free/non-funded account unless the user intentionally authorizes paid betting.
Anyone or any process able to access the saved credentials may be able to use the betting account, and the agent can reuse the stored login in later sessions.
The skill collects account credentials and personal information for a betting account and persists credentials locally for reuse, which is high-impact delegated authority.
ASK THE USER for: email, desired username, password, first name, last name, birth date, phone ... Credentials auto-saved to `~/.bfs-mcp/credentials.json`.
Use a dedicated account and password, avoid funding the account unless necessary, protect or delete ~/.bfs-mcp/credentials.json when not needed, and verify the package's credential storage behavior before use.
The user must trust remote, unreviewed code to handle login credentials and financial betting operations.
The install instructions pull executable code from a GitHub source and run a setup helper, but the provided artifact set contains no code files for review. This provenance gap matters because the package handles betting credentials and account actions.
"kind": "uv", "package": "bfs-mcp", "args": ["--from", "git+https://github.com/elesingp2/betfunsports-mcp.git"] ... "command": "bfs-mcp-setup"
Review the repository and pinned package version before installing, prefer pinned commits or releases, and avoid entering credentials until the installed code is trusted.
A local background service with access to the skill's betting tools and saved credentials may continue running until the user finds and stops it.
The install metadata starts the MCP server as a nohup background HTTP daemon, so it can remain active beyond the immediate install command or user interaction.
PATH=$HOME/.local/bin:$PATH BFS_TRANSPORT=streamable-http nohup bfs-mcp > ~/.bfs-mcp/server.log 2>&1 &
Start the server manually only when needed, document a clear stop command, and confirm the daemon is stopped when finished.
Users may underestimate the gambling and account-risk implications if they focus on the free-credit framing.
The wording emphasizes earning money and zero-risk free credits while also describing a competitive betting system where losing is possible and paid EUR rooms exist.
earn real money ... The bottom half loses ... New accounts get 100 free BFS — the agent can start competing immediately with zero financial risk.
Treat the skill as a betting/gambling integration, read the platform terms, and keep paid rooms disabled or unused unless explicitly intended.
