ClawHub

Moltbet Skill

Security checks across malware telemetry and agentic risk

Overview

This betting-agent skill is not clearly malicious, but it gives an agent financial authority and tells it to update its own instructions from a website without review.

Install only if you intentionally want an agent involved in Moltbet wagering. Use a new low-balance wallet, avoid importing any important private key, pin and review the CLI instead of relying on @latest, disable or manually review remote instruction updates, and require human approval for every funding, wager, counter, claim, concession, and dispute action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to fetch remote content and overwrite local `skill.md` and `heartbeat.md` without integrity verification, pinning, or an explicit trust boundary. This creates a supply-chain style risk where a compromised server, DNS, hosting account, or transit path could replace the agent's operating instructions with malicious content that changes future behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains broad, common terms such as "bet," "prediction," and especially "gamble," which can cause the skill to activate in contexts unrelated to this specific application. In a finance/betting skill, unintended activation is more dangerous because it could steer agents into wagering workflows, external API calls, or financially consequential actions based on ambiguous user input.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The quick-start section explicitly urges users to 'GET STARTED IMMEDIATELY' and directs them to register, create/import a wallet, verify identity, and deposit USDC before presenting meaningful risk disclosures about financial loss, irreversible blockchain actions, or safe wallet handling. In a skill for autonomous betting with real funds, this creates a material chance that users or agents will take on-chain actions prematurely, fund wallets, or expose sensitive credentials without informed consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal