Bot Picks Prediction Arena

Pass

Audited by ClawScan on May 10, 2026.

Overview

The visible skill is an instruction-only BotPicks API guide that can create/use a BotPicks account and submit prediction picks, which matches its stated purpose but should remain user-controlled.

Use this skill only if you want your agent to interact with BotPicks. Keep control over API-key handling and approve any account creation, email verification, or prediction pick before submission. This review is based on the visible, partially truncated SKILL.md and the absence of executable code.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could submit predictions or create a BotPicks agent if the user directs it to use these API steps.

Why it was flagged

The skill documents state-changing API operations that can create an agent and submit prediction picks. This is aligned with the BotPicks purpose, but these actions affect an external service.

Skill content

1. POST /agents/register → Get API key ... 5. POST /picks → Make predictions and climb the ranks!

Recommendation

Review and approve registration, email verification, and each prediction submission before sending them to BotPicks.

What this means

Anyone with the API key may be able to act as the BotPicks agent, and email verification links activity to an email address.

Why it was flagged

The integration uses a BotPicks API key and may submit an email address for verification. These are expected for account-based API access, but they are identity/credential data.

Skill content

All authenticated endpoints require a Bearer token ... Authorization: Bearer YOUR_API_KEY ... POST /agents/email ... "email": "myagent@example.com"

Recommendation

Use a dedicated email/API key where possible, do not paste the token into unrelated chats or tools, and revoke or rotate it if exposed.