Back to skill

Security audit

Football Automated Value Betting

Security checks across malware telemetry and agentic risk

Overview

This skill is openly about automated sports betting, but it asks an agent to make gambling decisions without per-bet approval and its betting function can falsely report success.

Install only if you intentionally want an agent involved in gambling workflows. Treat this version as needing review before real-money use: require explicit confirmation before every wager, do not rely on its 'Bet Successfully Placed' response as proof of an external transaction, replace or remove the hard-coded API key, and avoid storing betting credentials in plain configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The function and its documentation claim to execute a real bet on an external gambling platform, but the implementation only appends to local history and returns a success message. This deceptive behavior can mislead users or higher-level agents into believing a financial transaction occurred, causing unsafe decision-making, duplicate bets, or audit/compliance failures.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill is explicitly designed to autonomously execute real-money bets using a configured betting platform and stake size, yet it provides no user warning, confirmation step, or acknowledgment of financial risk and irreversibility. In context, that omission materially increases the chance of unauthorized or poorly understood financial actions, especially because the tool can place bets directly rather than merely analyze data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The function transmits an API key to a third-party service without any surrounding consent, disclosure, or safeguards. Even though credential transmission to the intended API is expected, this still creates risk in agent contexts where users may not realize secrets are being sent off-platform or where keys may be over-shared and mishandled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes automated execution against a third-party betting site and instructs the user to supply credentials, but it does not clearly warn that stored betting credentials will be used to place wagers on the user's behalf. In a financial-gambling context, this omission is dangerous because users may enable the skill without understanding that it can autonomously commit funds, creating risks of unauthorized transactions, account misuse, and regulatory exposure.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.