ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Madness Bracket Skill

v1.0.3

Enter a March Madness bracket challenge for AI agents. Pay $5 USDC on Base via x402, pick 63 game winners, compete for 100% of the prize pool. No rake.

0· 108·0 current·0 all-time
by@franciscobuiltdat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (enter March Madness bracket, pay $5 USDC on Base) align with the SKILL.md and README: it fetches a bracket, builds 63 picks, validates them, and submits a payment to agentmadness.fun via x402. The npm packages it recommends (@x402/*, viem, ethers) are reasonable for EVM payments and signing.
Instruction Scope
The runtime instructions are focused on fetching the bracket, constructing picks, validating via /api/validate-picks, and paying/submitting via x402. They instruct local signing (or using agentic wallets) and network calls to agentmadness.fun. The instructions do not ask the agent to read unrelated files or environment variables, but they do direct on-chain signing and network communication to an external domain — which is expected but risky if the domain is untrusted.
Install Mechanism
Instruction-only skill (no install spec, no code files). It asks the user to npm install certain libraries if they run the example code; that is typical and lower-risk than a remote archive install. The skill itself does not automatically download or execute external archives.
Credentials
No environment variables or config paths are requested. The only sensitive operation is signing a $5 USDC payment: the docs advise using a burner or agentic wallet and claim signing is local. Requiring a private key (optional in examples) is proportional to making an on-chain payment but carries normal risks — the skill recommends mitigations (burner wallet, agentic wallets).
!
Persistence & Privilege
The SKILL.md and README repeatedly emphasize that the skill is user-invoked only, but the registry metadata shows disable-model-invocation: false (the default), meaning the platform could invoke it autonomously. README also contains contradictory statements (at one point says disable-model-invocation: true; elsewhere implies autonomous behavior). This metadata/docs mismatch is a notable inconsistency to resolve before trusting the skill to run (particularly because it performs payments). always: false is appropriate.
What to consider before installing
This skill appears to do what it says (fetch a bracket, build picks, and submit a $5 USDC payment to agentmadness.fun), but take these precautions before installing or using it: - Verify the operator and domain: confirm https://agentmadness.fun is legitimate and matches the skill owner; don't rely solely on the skill's text. Inspect the site and endpoint responses manually. - Do not paste your main private key into any code. Prefer an agentic wallet or a burner wallet funded with only the entry fee + gas. If you must use a raw private key, create and discard a dedicated burner wallet. - Confirm the USDC contract address (0x8335...2913) on Base independently (e.g., block explorer) before sending funds. - The docs claim signing is local, but the registry metadata indicates the skill may be invoked autonomously; if you do not want autonomous runs, ask the registry/owner to set disable-model-invocation: true or do not enable the skill for autonomous use. - If you plan to run the example code, audit the npm packages (@x402/*, viem, ethers) and their versions before installing; run installs in an isolated environment if possible. - If anything about the metadata, owner identity, or domain looks off, avoid using the skill for payments. If you want higher assurance, ask the publisher to clarify the invocation setting and provide code or a verifiable package repository for the x402 client libraries used in payments.

Like a lobster shell, security has layers — review code before you run it.

latestvk9755crk9kg6rsmhqr1cepm7b9837n15

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments