Rich Lottery

Security checks across malware telemetry and agentic risk

Overview

This paid lottery skill discloses its fee, but its code appears to present random or hardcoded picks as historical-data analysis.

Review carefully before installing or using it. Treat the numbers as entertainment-only random or heuristic picks, not evidence-based lottery analysis, and only allow calls after confirming each 0.01 USDC charge.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill markets itself as historical-data-based intelligent analysis, but the finding indicates the behavior is payment-gated and may return hardcoded or randomized recommendations that merely simulate analysis. This is dangerous because users or agents may spend funds based on deceptive claims, creating financial harm and eroding trust in agent ecosystems even if there is no direct code-execution risk.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill claims to provide history-based intelligent lottery analysis, but the implementation only uses hardcoded number pools and random sampling. This is a deceptive functionality issue: users may trust the output as data-driven advice when it is effectively arbitrary, which is especially concerning in a gambling-related context where users may make financial decisions based on false claims.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The 大乐透 (Super Lotto, the dlt path) repeats the same deceptive pattern: recommendations are presented as analysis-driven but are generated from preset lists and randomness rather than actual historical computation. In the context of a lottery recommendation skill, this can mislead users into believing the outputs have predictive value, creating consumer harm and trust risks.

Intent-Code Divergence

Low
Confidence
83% confidence
Finding
The inline comment explicitly says the historical analysis is only a simulation, while the public-facing skill description markets it as genuine intelligent analysis. This discrepancy is evidence of misleading representation and increases confidence that the skill is knowingly overstating its capabilities, though by itself it is lower impact than direct code execution flaws.

Unvalidated Output Injection

High
Category
Output Handling
Content
@app.route('/ssq')
def ssq():
    try:
        result = subprocess.run(
            [sys.executable, "scripts/lottery_analysis.py", "ssq"],
            capture_output=True,
            text=True,
Confidence
81% confidence
Finding
subprocess.run([sys.executable, "scripts/lottery_analysis.py", "ssq"], capture_output=True, text=True)

Unvalidated Output Injection

High
Category
Output Handling
Content
@app.route('/dlt')
def dlt():
    try:
        result = subprocess.run(
            [sys.executable, "scripts/lottery_analysis.py", "dlt"],
            capture_output=True,
            text=True,
Confidence
81% confidence
Finding
subprocess.run([sys.executable, "scripts/lottery_analysis.py", "dlt"], capture_output=True, text=True)

VirusTotal

64/64 vendors flagged this skill as clean.