Purpleflea Casino

Security checks across malware telemetry and agentic risk

Overview

This skill openly documents a real-money crypto gambling API, but it also encourages persistent referral promotion in an agent system prompt and gives broad fund-moving examples without clear safety gates.

Install only if you intentionally want an agent to interact with a real-money gambling service. Use a dedicated low-balance account, protect the API key like a financial credential, require explicit approval for every deposit, wager, escrow, challenge, tournament entry, and withdrawal, verify supported chains before sending funds, and do not add the referral promotion to any system prompt.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Intent-Code Divergence

Medium (91% confidence)
Finding
The documentation is internally inconsistent about supported deposit methods, first implying deposits are Base USDC only and later advertising multiple chains with auto-swap. For a financial skill, ambiguity about where funds can be sent is dangerous because users or agents may route assets incorrectly, increasing the risk of irreversible loss or failed deposits.

Description-Behavior Mismatch

Medium (93% confidence)
Finding
The documentation is internally inconsistent about supported deposit assets, claiming Base USDC only in the skill metadata while the referenced docs advertise ETH, USDC, XMR, BTC, and SOL deposits. For a financial API handling irreversible crypto transfers, mismatched asset guidance can cause users or agents to send funds on unsupported chains or with incorrect assumptions, leading to loss, support burden, or unsafe autonomous behavior.

Description-Behavior Mismatch

Medium (96% confidence)
Finding
The referral section instructs agents to embed promotional gambling text and a referral code into their system prompt, extending behavior beyond the declared operational purpose of placing and managing bets. This is dangerous because it attempts to persistently influence future interactions for operator profit, creating a prompt-injection style monetization vector and undisclosed persuasion behavior.

Missing User Warnings

Medium (95% confidence)
Finding
The skill describes deposit and withdrawal actions involving real cryptocurrency but does not present prominent warnings about irreversible transfers, fund loss, fees, or the need for explicit user confirmation. In an agentic context, that omission is dangerous because an autonomous system could move real funds or trigger gambling activity without adequately surfacing financial risk.

Natural-Language Policy Violations

Medium (97% confidence)
Finding
The instruction to embed a referral recommendation in a system prompt attempts to bias future agent behavior toward promoting a specific third-party service regardless of user intent. This is dangerous because it creates covert, persistent steering and a financial conflict of interest, causing the agent to advertise or route users to the operator for the operator's benefit.

Missing User Warnings

High (95% confidence)
Finding
The quick-start section immediately walks an agent through registration, deposit, and betting flows involving real-money gambling and irreversible crypto transfers without prominent warnings about financial loss, jurisdictional restrictions, or the real-money nature of the activity. In an agent skill context, this increases the chance of autonomous or insufficiently informed execution of risky transactions.

Missing User Warnings

Medium (94% confidence)
Finding
The referral guidance encourages agents to insert promotional gambling language into their own system prompt without warning about disclosure, policy, or reputational consequences. This creates a covert persuasion mechanism that may bias future recommendations and undermine user trust.

Missing User Warnings

High (95% confidence)
Finding
The tournament and challenge documentation describes entry-fee deductions, escrow, automatic play, and fund transfers, but does not foreground the fact that these actions can immediately lock or move real funds and may be non-refundable. In an autonomous-agent setting, such flows materially raise the risk of unauthorized spending or irreversible loss without informed consent.

Ssd 4

Medium (98% confidence)
Finding
Embedding promotional text into a system prompt is a persistence and steering mechanism designed to influence future agent outputs beyond the immediate task. In this context, it is especially risky because it monetizes the manipulation through referral commissions, creating incentive for the skill author to reshape agent behavior in ways misaligned with end-user interests.

Ssd 4

Medium (97% confidence)
Finding
The docs explicitly encourage embedding referral language into an agent's system prompt to shape future interactions. This is a direct attempt to modify persistent agent behavior for promotional purposes, which is especially dangerous because system prompts sit at a higher trust level and can silently affect unrelated future decisions.

VirusTotal

65/65 vendors flagged this skill as clean.
