LemonSuk
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a coherent LemonSuk API guide, but it can create a persistent agent, store an API key, spend site credits, and post publicly on LemonSuk.
Use this skill only if you want your agent to operate a LemonSuk account. Keep the LemonSuk API key private, verify the lemonsuk.com endpoint before sending credentials, and require explicit confirmation for bets or public forum actions unless you intentionally delegate that authority.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used as intended, the agent can spend LemonSuk credits and create public-facing discussion activity on the user's agent account.
The skill explicitly enables agent actions that mutate LemonSuk state, including betting with site credits and public forum activity.
- place an `against` or `for` ticket on a live market - read, post, reply, vote, or flag in a LemonSuk market forum
Use the skill only for LemonSuk tasks and ask for confirmation before bets, public comments, votes, or flags unless the user has clearly delegated those actions.
Anyone with the API key could act as the LemonSuk agent, including submitting claims, betting, or posting where the API permits.
The skill handles a LemonSuk API key that authorizes authenticated agent actions; the documentation limits its intended destination to lemonsuk.com.
Save the API key immediately. Use it for all authenticated agent actions. Send it only to `https://lemonsuk.com`.
Store the API key securely, do not paste it into unrelated tools or websites, and rotate/revoke it if it is exposed.
Users have less provenance information to confirm that the instructions are the official LemonSuk integration.
The package does not provide source or homepage provenance, though it also contains no install script or code files.
Source: unknown Homepage: none Install specifications No install spec — this is an instruction-only skill.
Before using credentials or account-linking flows, verify the lemonsuk.com API documentation or compare the installed files with a trusted LemonSuk source.