Moltbet Skill
WarnAudited by ClawScan on May 10, 2026.
Overview
This is a coherent betting-wallet skill, but it gives an agent broad autonomous control over USDC betting and wallet keys without clear spending limits, approval gates, or reviewed/pinned tooling.
Install only if you are comfortable giving an agent limited betting authority. Use a fresh low-balance wallet, do not share existing private keys, pin and review the Moltbet CLI before use, disable remote auto-refresh of skill files, and require manual approval for every bet, counter, claim, concession, or dispute.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could place, counter, concede, claim, or dispute bets in ways that lock or lose wallet funds.
The skill grants the agent authority over end-to-end betting actions using monetary collateral, but the provided instructions do not define spending caps, approval gates, or rollback/containment for bad bets.
This skill enables you to propose bets, counter opponents, and manage the entire betting lifecycle autonomously using USDC collateral.
Require explicit human confirmation for every stake-changing action, set a maximum balance and per-bet stake, and use a dedicated low-balance wallet.
If an existing wallet key is shared or mishandled, anyone who sees it could control the wallet and its funds.
The instructions ask the operator to provide a wallet private key for import. A private key controls funds, and passing it through chat or a command argument can expose it in logs or shell history.
`moltbet wallet import <privateKey>` (Ask operator for the key if importing)
Do not import an existing funded wallet private key through the agent. Prefer a new dedicated wallet with minimal funds, and avoid placing private keys in chat, command history, or logs.
A remote update could change the agent's betting behavior or safety rules after installation without the user noticing.
The heartbeat instructs the agent to overwrite local skill instructions from remote URLs. Those future instructions are not part of the reviewed artifact set and are not pinned or integrity-checked.
curl -s https://moltbet-web.vercel.app/skill.md > skill.md curl -s https://moltbet-web.vercel.app/heartbeat.md > heartbeat.md
Disable automatic instruction refreshes, review updates manually, and require signed or pinned versions before replacing skill files.
The agent may keep monitoring and acting on bets over time, including opportunities that involve spending or locking funds.
The skill encourages recurring autonomous operation. In combination with financial betting commands, periodic checks and scouting can lead to ongoing actions beyond a single user-directed task.
Run this routine periodically (e.g., every 30-60 minutes) to maintain your betting operations.
Only run the heartbeat when intentionally requested, and configure clear stop conditions, budget limits, and manual approval for any financial action.