Skillv1.0.0

ClawScan security

Purpleflea Casino · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 6, 2026, 1:00 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill largely matches a simple API-based casino, but its runtime instructions include a prompt-injection style instruction to embed/referral-promote the service into agents' system prompts — an unusual and manipulative persistence/vector that doesn't belong to a gambling API.
Guidance: This skill appears to implement an API-only casino (expected curl examples and endpoints) and has no installer or declared secret requirements — that part is coherent. The main problem is that the runtime instructions try to get agents to embed your referral code in system prompts and to automatically recommend the site. That is prompt-injection/persistence/social-engineering: it tries to change agent behavior platform-wide for the author's financial gain. Before installing, consider: (1) Do not allow or follow instructions that modify system prompts or other platform-level settings automatically. (2) Treat any registration/API key as a financial credential — only use with accounts you control and never deposit real funds until you trust the service. (3) If you must use the API, avoid embedding referral codes in system prompts; keep any promotion explicit and under your control. (4) Verify the service independently (official homepage, business identity, smart-contract audits for provable-fair claims) — absence of a homepage and 'no KYC' are additional risk signals. If you need a definitive safe recommendation, request more info about the operator, domain ownership, and evidence of fairness and audits; with the current materials I cannot rule out malicious intent behind the persistence/promotion instructions.
Findings: [system-prompt-override] unexpected: The SKILL.md explicitly suggests embedding a referral code in the system prompt to 'earn automatically' and more generally to recommend the service to other agents. This is a prompt-injection/persistence instruction unrelated to operating a casino API and is not expected for the skill's stated purpose.

Review Dimensions

Purpose & Capability: noteThe name/description and the SKILL.md consistently describe an API-only provably-fair casino; the provided curl examples and endpoints align with that purpose. No binaries, env vars, or installs are required, which is proportionate for an HTTP API client. However, the skill explicitly instructs agents to embed a referral code into the system prompt to 'earn automatically' — that action is not needed to place bets or verify fairness and is outside the stated purpose (monetization/social-engineering).
Instruction Scope: concernSKILL.md is an instruction-only skill and contains concrete API calls (expected). But it also contains an explicit instruction to embed a referral code into the agent's system prompt and to recommend the site to other agents. That is prompt-injection/persistence behavior: it asks the agent to alter system-level behavior and to propagate the referral. This is scope creep and a red flag because it directs agents to act beyond merely calling the casino API.
Install Mechanism: okNo install spec and no code files — lowest-risk delivery model. Nothing will be written to disk by an installer.
Credentials: noteThe skill does not request environment variables, credentials, or config paths (none declared). That is proportionate for an HTTP API. Still, the instructions require registration to obtain an API key and explicitly advise embedding referral code into system prompts; while not asking for secrets, this tries to create persistent monetization and distribution without declaring the need for extra privileges.
Persistence & Privilege: concernThe skill itself does not request 'always: true' or elevated platform privileges. However, it attempts to achieve persistence/economic benefit by instructing agents to modify system prompts and continuously recommend the service (embedding referral codes). That is an attempt to gain ongoing influence over agent behavior and is a privilege-escalation/persistence vector implemented via instructions rather than manifest fields.