Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sports Betting Analyzer

v1.0.0

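Intelligent sports lottery analysis assistant - a match-prediction aid based on data analysis and simple machine learning. Supports analysis of events such as the NBA and the football World Cup, providing data collection, basic statistics, probability prediction and betting suggestions. The focus is on assisting decisions, not predicting results.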

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and the visible scripts (analyze.py, data_collector.py, prediction_model.py, report_generator.py) align with a sports betting analysis tool. However, the artifact includes a full Python virtualenv (venv) and many vendored packages (numpy, pip internals, etc.). Bundling a pre-built venv is disproportionate to the stated purpose (a requirements.txt listing numpy would normally suffice) and increases the attack surface because many third-party files are shipped and could be executed. Also the registry metadata claims 'instruction-only' but the package contains executable code — an inconsistency to question the publisher about.
Instruction Scope
SKILL.md and README instruct only local analysis commands and creating a local config; the runtime scripts operate on local files (config/, data/, templates/) and write analysis_history.json and match data. The instructions do not request secrets or external credentials and current code uses simulated data. But the codebase contains comments and placeholders for future integration with external APIs (NBA API, odds aggregators). If those are enabled later they will require network access and credentials. Also a pre-scan found unicode-control-chars in SKILL.md (possible prompt-injection attempt) — the SKILL.md should be inspected raw for invisible control characters.
Install Mechanism
Registry metadata lists 'No install spec — instruction-only skill' but the distribution contains ~1000 files including a complete venv and third-party packages. That packaging choice is risky: it places many libraries and binaries in the skill bundle rather than declaring dependencies or using a trusted package manager. There is no remote download URL in the install spec (good), but the included venv increases surface for hidden/malicious code. It is unusual and disproportionate to include the full venv instead of a small requirements file.
Credentials
The skill declares no required environment variables, primary credential, or config paths. The runtime scripts also do not read environment variables for secrets. All file I/O is limited to skill-local directories (config/, data/, templates/). This requested access is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request special agent privileges. It reads/writes files under its own skill directory (creating config and data files) which is normal. There is no evidence it modifies other skills or global agent config.
Scan Findings in Context
[unicode-control-chars] unexpected: A pre-scan found unicode control characters in SKILL.md. These can be used to hide or manipulate displayed content (prompt-injection style). SKILL.md should be inspected as raw bytes to confirm and remove unexpected invisible characters.
What to consider before installing
1) Packaging inconsistency: The registry claims 'instruction-only' but the published bundle contains executable scripts and a full Python virtualenv (hundreds of third-party files). This is unusual — ask the publisher why a venv was bundled instead of listing dependencies and letting you install them from trusted registries.
2) Inspect the code: Before running, review the scripts (analyze.py, data_collector.py, prediction_model.py, report_generator.py) for any network calls or hidden endpoints. The current MVP uses simulated data, but comments indicate future plans to connect to external APIs — those integrations could request credentials later.
3) Prompt-injection artifact: The static scan found unicode control characters in SKILL.md. View the SKILL.md file with a hex or raw viewer to ensure no invisible control characters or manipulative payloads are present.
4) Run in a sandbox: If you decide to try it, run the skill inside an isolated environment (container or VM) that has no access to your secrets, cloud credentials, or sensitive files. Do not run it on machines with active AWS/GCP credentials or developer tokens.
5) Replace the bundled venv: Prefer installing dependencies yourself (pip install -r requirements.txt) in a fresh virtualenv rather than using the shipped venv. That reduces risk from bundled third-party code.
6) Limit trust and use-case: The tool is for entertainment/analysis only and contains disclaimers. Do not use it to automate actual betting transactions without deeper audit and legal consideration.
7) If uncertain, decline: Because of the unexpectedly large vendored venv and the prompt-injection signal, treat this skill as untrusted until the author provides a clear explanation and cleaner packaging (source repo, build/install instructions, and confirmation that no hidden control characters are used).
venv/lib/python3.12/site-packages/numpy/_core/arrayprint.py:1568
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_arrayprint.py:339
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_dtype.py:1070
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_multiarray.py:1665
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_records.py:170
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_scalarmath.py:618
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_simd.py:244
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_umath_accuracy.py:77
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_umath.py:512
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/f2py/auxfuncs.py:632
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/f2py/capi_maps.py:159
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/f2py/crackfortran.py:1329
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/tests/test_public_api.py:405
Dynamic code execution detected.
venv/lib/python3.12/site-packages/pip/_vendor/pygments/formatters/__init__.py:91
Dynamic code execution detected.
venv/lib/python3.12/site-packages/pip/_vendor/pyparsing/results.py:57
Dynamic code execution detected.
venv/lib/python3.12/site-packages/pip/_vendor/typing_extensions.py:1251
Dynamic code execution detected.
venv/lib/python3.12/site-packages/numpy/_core/strings.py:570
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_arrayprint.py:332
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_defchararray.py:820
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_longdouble.py:360
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_multiarray.py:4628
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/_core/tests/test_regression.py:2573
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/lib/tests/test_format.py:573
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/lib/tests/test_io.py:707
Potential obfuscated payload detected.
venv/lib/python3.12/site-packages/numpy/random/tests/test_generator_mt19937.py:972
Potential obfuscated payload detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
