football-value-bets
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may make football-data API calls and web searches using team and match information.
The skill directs the agent to run local scripts and perform web searches. This is expected for data-driven betting analysis, but users should know the agent will use external tools during normal operation.
Fetch current match data:
```bash
python3 {baseDir}/scripts/match_fetcher.py --mode full
```
...
After the data analysis, search the web for EVERY shortlisted matchUse the skill when you are comfortable with external match/news lookups, and review the generated bet slip before acting on it.
The skill can use your football-data.org API quota/account for match data requests.
The script reads the football-data.org API key from the environment or config file and sends it as the provider auth header. This is necessary for the stated API integration and does not show unrelated credential use.
key = os.environ.get("FOOTBALL_DATA_API_KEY", "") ... key = cfg.get("api_key", "") ... headers = {"X-Auth-Token": api_key}Use a dedicated low-privilege/free API key, prefer an environment variable over storing it in a file, and rotate the key if it is exposed.
Installing the dependency changes the local Python environment.
The skill asks the user to install the standard Python `requests` package. This is purpose-aligned for API access, but any package install adds normal dependency provenance risk.
Install dependencies (one-time): ```bash pip install requests ```
Install dependencies from a trusted package source, ideally in a virtual environment.
Your generated slips, stakes, results, ROI, and history may remain on disk for later stats/history use.
The tracker persists bet slips and cumulative statistics locally. This is aligned with the advertised result-tracking feature, but it creates a stored record of betting activity.
DATA_DIR = Path(__file__).resolve().parents[1] / "data" BETS_DIR = DATA_DIR / "bets" STATS_FILE = DATA_DIR / "stats.json"
Review or delete the skill's local `data` directory if you do not want betting history retained.