Skill v1.0.0
ClawScan security
Football Automated Value Betting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 11, 2026, 9:25 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (automated value betting) roughly matches its code, but there are notable inconsistencies around credential handling and execution that could lead to secret leakage or unexpected external actions.
- Guidance: What to consider before installing:
  - The skill asks you to provide an API key and betting-account credentials but does not declare any env vars for secure injection; instead an api_key-like value is embedded in the shipped JSON. Treat that as a red flag: do not assume the embedded key is safe or valid.
  - Automated betting carries real financial and legal risk. Confirm local laws permit this activity and be prepared for monetary loss.
  - If you proceed, require the developer to: (1) remove hard-coded secrets from shipped files, (2) declare required environment variables (e.g., ODDS_API_KEY, SINGBET_USER / SINGBET_PASS or a token) so you can supply credentials securely, and (3) provide a clear, auditable implementation of how bets are executed (authentication, endpoints, and error handling).
  - Prefer to test in a sandbox: run the skill in an isolated environment with fake/test credentials and no real funds before enabling any real execution. If the embedded api_key is real, rotate or revoke it.
  - If you need a quick safety checklist, ask the author for (A) an explicit list of required secrets, (B) proof that the skill does not exfiltrate local files or unrelated credentials, and (C) assurance that actual bet execution is gated behind an explicit, user-confirmed step (not fully autonomous).
  - Confidence note: the assessment is medium confidence because the code is short and the actual bet execution is a placeholder; the main issues are the credential-handling inconsistencies and the presence of a hard-coded api_key in the config JSON.
Review Dimensions
- Purpose & Capability (concern): The skill claims to monitor live odds (The Odds API) and execute bets on Singbet — the provided code implements fetching odds and local bet-tracking and includes placeholders for placing bets. However, the skill metadata declares no required credentials/env vars, while the runtime instructions explicitly ask for an API key and betting-account credentials. file (1).json even contains a hard-coded api_key and platform/agent URLs, which is inconsistent with the registry's 'no required env vars' declaration and suggests secrets are embedded rather than managed securely.
- Instruction Scope (note): SKILL.md instructs the agent to obtain an API key for The Odds API, configure betting-account credentials, monitor live match indices, and execute bets. The instructions do not request unrelated system files or environment values, but they do authorize sending transaction data to external betting endpoints (Singbet/hga030/sangbet.com). The code's execute_singbet_bet is a placeholder (no real session/auth), so actual automated execution would require additional credentials and web automation not present here.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and only a small Python file. No additional packages or remote downloads are specified, so installation risk is low.
- Credentials (concern): The skill asks the user (in SKILL.md) to provide an API key for The Odds API and betting-account credentials but declares no required environment variables. Instead, an api_key is hard-coded in file (1).json. That is disproportionate and inconsistent: sensitive credentials are expected yet not declared for secure injection, and a secret-like value is embedded in the code/config file. The skill also references external betting platforms (hga030.com, sangbet.com) without clear, secure authentication mechanisms.
- Persistence & Privilege (ok): The skill does not request always-on presence, does not modify other skills or global agent configuration, and does not request system-level config paths. It operates with normal autonomy defaults (agent invocation allowed), which is expected for this use case.
