Football Automated Value Betting

Security checks across malware telemetry and agentic risk

Overview

This skill is explicitly built for automated sports betting, but it enables money-risking actions and credential use without clear per-bet approval or secure secret handling.

Install only if you intentionally want an agent involved in gambling decisions. Replace the embedded API key, avoid putting betting credentials in plain configuration, and require explicit confirmation for every wager. Treat the current version as requiring human review before any real-money use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The manifest contains hard-coded external service configuration, including an API key and betting platform domains, which exposes sensitive credentials and preconfigures outbound connections to third-party gambling services. In this skill context, that is especially dangerous because it enables immediate access to live data and automated wagering without any secure secret handling or environment-based controls.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The skill description and prompt define a broad autonomous betting role with periodic monitoring, analysis, and execution, but do not impose strong trigger boundaries such as explicit per-bet user approval, session scoping, or narrow activation conditions. In a high-risk domain like gambling, this ambiguity increases the chance of unintended autonomous financial actions.

Natural-Language Policy Violations

Severity: High
Confidence: 99%
Finding:
The prompt instructs the agent to execute bets when strategy criteria are met, using a real betting tool, without requiring user opt-in, age/jurisdiction checks, affordability checks, or responsible gambling suitability review. In this context, the skill is directly connected to a gambling platform, so the absence of consent and compliance safeguards can lead to unauthorized financial loss and regulatory exposure.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The function is explicitly designed to execute a gambling action and updates persistent in-memory bet history/state immediately, but it provides no confirmation, consent gate, dry-run mode, or other safeguard before an irreversible financial action. In an agent setting, this increases the risk of unintended or automated wagering, especially because the function name and return string present the action as successful placement rather than a harmless simulation.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The function transmits a supplied API key to an external third-party service, which is normal for API use, but there is no visible disclosure, scoping guidance, or protection around how that credential is handled. In an agent skill, silent outbound credential use can surprise users and may expose secrets through unintended execution paths, logging, or use with untrusted inputs.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill explicitly instructs users to place betting-site credentials into configuration, but provides no guidance on secure secret handling, storage, masking, or scoping. In an agent-skill context, this is dangerous because credentials may be exposed through logs, prompts, shared config files, backups, or downstream integrations, leading to account compromise and unauthorized betting activity.

VirusTotal

64/64 vendors flagged this skill as clean.