ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BallBall

v1.0.0

足球赛事预测神器。自动采集 titan007.com 数据(亚盘、大小球、欧赔、基本面、阵容、角球、半全场), 5 步量化分析框架,输出投注建议与预测比分。Football match betting prediction system. Auto-scrapes data from m.nowscore.com...

0· 39·0 current·0 all-time
by@owaio

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for owaio/ballball.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "BallBall" (owaio/ballball) from ClawHub.
Skill page: https://clawhub.ai/owaio/ballball
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install owaio/ballball

ClawHub CLI

Package manager switcher

npx clawhub@latest install ballball
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to auto-scrape betting data and run a prediction framework, which is coherent. However the manifest declares no runtime/tool requirements or config paths, while SKILL.md prescribes browser-based scraping (browser navigate/act/console exec) and writing persistent files under user home directories (~/.hermes/... and ~/.claude/projects/*). These runtime capabilities (a browser tool and filesystem persistence) are required for the described purpose but are not declared in the registry metadata. The description also mentions titan007 and m.nowscore inconsistently (SKILL.md uses m.nowscore).
!
Instruction Scope
The SKILL.md instructs the agent to: navigate to pages with 'browser navigate', execute page JS via 'browser console exec', extract many data points, and mandatory-write predictions/history and framework updates to hidden paths in the user's home directory. It also instructs 'recall ALL pre-match data' and 'auto-fetch' results. These steps go beyond a simple stateless query: they require a browsing tool capable of executing arbitrary JS and persistent write/read access to user memory files. The instructions are prescriptive ('must write', 'not stored = incomplete'), giving the skill broad discretion to read/write local agent memory and project files.
Install Mechanism
There is no install spec or code — the skill is instruction-only, which minimizes installation risk. However it implicitly depends on platform tooling (a 'browser' tool with navigate/act/console exec capability) and the agent's ability to write files in the user's home directory; those runtime dependencies are not declared in the manifest.
!
Credentials
The manifest declares no credentials or config paths, yet the runtime instructions require writing and persisting data into hidden home paths (e.g., ~/.hermes/workspace/memory/football-match-history.md and ~/.claude/projects/*/memory/*). The use of a wildcard path under ~/.claude/projects/* could touch multiple project memories. While these are not external credentials, they are sensitive local storage locations used by the agent platform; the skill's write/read use of them should have been declared and justified. No external network endpoints aside from public data sites are requested.
!
Persistence & Privilege
The skill does not set always:true, but it explicitly requires persistent storage of match history and model parameters to hidden home directories and project memory locations. That persistent presence (writing to ~/.hermes and ~/.claude/projects/*) can give the skill long-term access to user-stored agent memory and cross-session learning. The manifest did not declare this persistence requirement or the target paths, and the wildcard project path increases scope.
What to consider before installing
This skill appears to do what it says (scrape betting sites and produce predictions), but exercise caution before installing: - Missing declarations: SKILL.md requires a 'browser' tool (browser navigate/act/console exec) and persistent file writes under ~/.hermes and ~/.claude/projects/*, yet the manifest lists no required tools or config paths. Confirm your agent environment provides the necessary browser tool and that you are comfortable with these file writes. - Persistent writes: The skill mandates saving match-history and model updates to hidden directories in your home (~/.hermes/... and ~/.claude/projects/*/memory/...). That will persist data across sessions and could interact with other project memories (wildcard path). If you do not want persistent storage or cross-project writes, do not install or modify the SKILL.md to change the storage path. - JS execution risk: The skill instructs executing page JS via browser console exec for extraction. That lets the agent run arbitrary JavaScript on scraped pages. Only enable if you trust the scraping targets and the skill author. - Data privacy & legality: Scraping betting sites and storing records may have legal or policy implications depending on jurisdiction and site terms of service; review legality and site policies first. - Publisher/source uncertainty: The package metadata references a GitHub URL but the top-level metadata says 'Source: unknown' and 'Homepage: none' — verify the code/repository and author before trusting persistent access. Recommended actions before installing: 1) Ask the author to declare explicit runtime dependencies (browser tool) and the exact filesystem paths in the manifest. 2) Run the skill in a sandboxed agent environment or a throwaway account with no sensitive memories to see what it writes. 3) Inspect any files the skill creates (back them up and review contents) and remove or relocate them if needed. 4) If you don't want cross-project memory modification, request the author change the wildcard path (~/.claude/projects/*) to a single, explicit directory under the skill's control. Given these unexplained declarations and the mandatory persistent writes, treat the skill as suspicious until the above concerns are resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dty491gdgkxphwja629gwhx85e3pm
39downloads
0stars
1versions
Updated 22h ago
v1.0.0
MIT-0
@owaio
latest
Download

足球博彩预测 / Football Betting Prediction

三大工作流:数据采集 → 预测分析 → 赛后复盘

输出模式选择

用户请求预测时,询问或推断偏好的输出格式:

  • 简洁模式 (Concise): 快速结果 - 最佳推荐、概率、EV、预测比分
  • 可视化模式 (Visual/Detailed): 完整 HTML 报告,含数据表格、公式、图表

未指定时:默认使用可视化模式以获得最佳用户体验。

工作流一:赛前数据采集

用户提供比赛 ID 或比赛描述时,从 m.nowscore.com 采集数据。

  1. 构建 URL: https://m.nowscore.com/Analy/Analysis/{match_id}.htm
  2. 使用 browser navigate 打开页面
  3. 使用新球体育数据提取数据。详见 references/data-collection.md

关于首发阵容:首发阵容通常在开赛前30-60分钟公布。提前收集时标注"阵容待公布",使用现有阵容深度信息。接近开球时如有需要可重新检查。

需采集数据点:

  • 比赛信息(球队、联赛、时间、场地、天气)
  • 亚盘(让球盘):"即"和"早"行,所有机构
  • 大小球盘:"即"和"早"行,所有机构
  • 欧赔(胜平负):"即"和"早"行,前10+机构
  • 球队基本面(近期战绩、主客场、历史交锋、联赛排名)
  • 大小球增强数据:半场进球、角球
  • 首发阵容(如比赛前30-60分钟内可用)

采集完成后,立即进入工作流二。

⚠️ 存档规则(强制):预测完成后,必须将比赛ID、联赛、盘口、推荐、预测比分写入 ~/.hermes/workspace/memory/football-match-history.md。格式参照已有条目,状态标记为"待确认"。不存档=不完整。

工作流二:预测分析

对收集的数据运行五步预测框架。详见 references/prediction-framework.md

输出模式决定呈现方式:

  • 简洁:基于文本的快速摘要,关键数字
  • 可视化:完整 HTML 报告,数据表格、概率条、公式展示

步骤概述:

  1. 数据整理 - 将所有收集的数据分类整理
  2. 基本面分析 - 盘口合理性、走势追踪、机构意图、欧亚转换
  3. 盘口概率计算 - 计算亚盘和大小球的真实隐含概率
  4. 模型预测 - 两个逻辑回归模型:亚盘模型(权重:盘口0.35 > 基本面0.20+0.20 > 阵容0.15 > 战意0.10)和大小球模型(含xG、联赛因子、半场进球、角球等)
  5. EV 计算与推荐 - 计算每个投注选项的期望值,输出最佳推荐和预测比分

默认初始权重:基于 AI 概率判断设置,通过赛后复盘自动优化。

输出格式:

  • 亚盘分析及其赢盘概率
  • 大小球分析及其赢盘概率
  • 所有选项的 EV 值
  • 最佳投注推荐
  • 预测比分

工作流三:赛后复盘

用户提供比赛结果或请求复盘时触发。详见 references/review-framework.md

流程:

  1. 回顾本场比赛的所有赛前数据和预测分析
  2. 运行偏差分析,比较预测与实际结果
  3. 识别预测错误的根本原因
  4. 自动优化:根据预测误差调整特征权重
  5. 将更新后的框架保存到内存文件以持久化
  6. 输出所有已分析比赛的累计准确率统计

持久化:将框架更新和比赛历史保存到内存文件,以便跨会话学习。

目标:亚盘和大小球预测准确率均达到 70% 以上。

参考文档

Comments

Loading comments...