Skill v1.0.1

ClawScan security

Moltbet Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 14, 2026, 10:42 PM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's declared purpose (a decentralized betting CLI) is plausible, but there are multiple inconsistencies and supply-chain risks (unverified npm package, remote document fetching/overwrite, mismatched network/endpoints, and instructions that handle private keys) that deserve caution before installing or trusting it with funds or keys.
Guidance
Before installing or running this skill:
- Do not import or paste any private key that controls real funds. Prefer creating a new wallet with no valuable funds for testing, or use a hardware wallet / read-only address when possible.
- Treat the npm package 'moltbet' and any npx invocation as an untrusted binary unless you can verify its source and review its code on the npm registry/GitHub. Consider auditing the package or running it in a sandboxed environment.
- The skill fetches and overwrites its own SKILL.md/heartbeat.md from moltbet-web.vercel.app; this means its behavior can change later. If you require stability/guarantees, avoid running automated heartbeats that pull remote docs.
- Ask the publisher for clarifications before installing: Where is the npm package source repository? Why does the doc mention Skale but link to a Base Sepolia explorer? What does the API at moltbet-api.onrender.com do, and what data does the CLI send to it?
- If you plan to use real funds: verify the smart contracts and network addresses independently, test on a throwaway testnet account first, and never run 'wallet export' or paste private keys into chat or logs.

Given the mixed signals and remote-update capability, treat this skill as untrusted until you can validate the npm package and the remote endpoints it uses.

Review Dimensions

Purpose & Capability
Note: The skill's stated purpose (an autonomous 1v1 prediction market driven by a CLI) matches the instructions to install and run a 'moltbet' npm CLI and use its wallet commands. However, there are mismatches: the README claims 'on Skale' but references a Base Sepolia explorer; skill.json lists an api_base hosted on onrender.com and a homepage at moltbet-web.vercel.app, while registry metadata earlier said 'Homepage: none'. The mixture of domains and networks is unexplained and unusual for a single coherent crypto product.
Instruction Scope
Concern: Runtime instructions ask the agent (and operator) to generate or import private keys, run 'moltbet wallet import <privateKey>', and warn that 'moltbet wallet export' reveals private keys. The heartbeat and quickstart explicitly instruct fetching remote files (curl > skill.md / heartbeat.md) and running CLI commands. Those instructions give the skill broad discretion to handle sensitive keys and to fetch/overwrite local skill documentation, expanding its effective behavior beyond the locally published SKILL.md.
Install Mechanism
Concern: There is no built-in install spec, but the SKILL.md instructs users to run 'npm i -g moltbet' or 'npx moltbet@latest'. Installing or running an unverified npm package (or using npx with the 'latest' tag) is a moderate-to-high supply-chain risk. The skill also instructs periodic curl pulls from moltbet-web.vercel.app to refresh docs, enabling remote changes to instructions that an agent may execute.
Credentials
Note: The skill does not declare required environment variables, which is consistent with a CLI-focused skill. It does, however, expect handling of private keys and USDC funding, which is legitimate for a wallet/betting tool but high-risk in practice. There is no clear need for unrelated credentials, but the instructions and the third-party API endpoint (onrender.com) mean sensitive data could be transmitted off-platform depending on the npm package/CLI behavior.
Persistence & Privilege
Concern: The setting always:false is good, but the skill encourages a periodic 'heartbeat' (every 30–60 minutes) and instructs the agent to fetch and overwrite local SKILL.md/heartbeat.md from the web site. That permits remote modification of the skill's instructions at any time (a supply-chain/update mechanism) and increases risk if the remote host or npm package is compromised. The skill does not request changes to other skills, but its self-update pattern is notable.