Gambling Analyst

Security checks across malware telemetry and agentic risk

Overview

This is not malware, but it can automatically place real casino bets with a user's API key and has weak warnings and no spending safeguards.

Install only if you intentionally want an agent-connected tool for a live Rollhub gambling account. Do not run the script with a funded account unless you have set strict round, wager, and loss limits; prefer a sandbox or offline simulation, use a low-balance revocable API key, and treat every /bet request as a real wager that can lose money.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes shell-based operational capability without declaring permissions or clearly constraining what those commands do. In this context, the shell examples are used to register accounts and submit live bets, so hidden execution capability increases the risk of unauthorized or unexpected external actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill is presented as a research/backtesting and statistical analysis tool, but the documented behavior includes placing real bets against a live casino API using an account-bound API key. This mismatch is dangerous because users or orchestrators may invoke it expecting passive analysis while it performs financially risky real-world transactions.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The backtest section instructs users to place 100 live bets through the remote API, which contradicts the framing of research and backtesting. Calling live wagering a backtest can mislead users into executing irreversible financial transactions under the guise of analysis.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The quick-run command invokes a shell script that appears to automate betting activity, exceeding the stated analyzer/backtester scope. A one-line command lowers friction for triggering repeated wagering and can cause users to execute risky actions without understanding the consequences.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The broad description and keyword set make the skill likely to trigger for generic gambling-analysis requests, even when live betting behavior may be inappropriate. Over-broad activation increases the chance that an agent routes users into a skill capable of external financial actions without sufficient context or consent.

Vague Triggers

Low
Confidence
72% confidence
Finding
The overview describes broad capability but does not define boundaries for when the skill should or should not activate. In a skill that references live betting APIs, unclear activation criteria can lead to accidental invocation in contexts where only informational analysis was intended.

Missing User Warnings

High
Confidence
96% confidence
Finding
The documentation promotes real betting activity without clearly warning that commands may execute live wagers with monetary-loss risk. In this context, the absence of safety disclosures materially increases the danger because users may treat the skill as a harmless analytics tool rather than a mechanism for spending funds.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The registration and API examples encourage use of account-linked credentials and transmission of betting activity without any guidance on secure handling of API keys or privacy implications. This can lead to credential leakage, unauthorized account use, and exposure of sensitive betting history or account metadata.

Missing User Warnings

High
Confidence
98% confidence
Finding
The looped example submits 100 live bets in bulk with no explicit warning about irreversible, repeated financial actions. Bulk automation amplifies harm by allowing rapid monetary loss, account abuse, or unintended transactions if a user runs the command uncritically.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file provides detailed betting strategy guidance, bankroll formulas, and risk framing for high-risk gambling behavior without any warning about financial loss, addiction risk, or the fact that negative-EV games remain losing propositions regardless of staking system. In the context of a skill explicitly designed to research and backtest crypto casino strategies, this omission can normalize or encourage harmful real-money gambling decisions, especially for vulnerable users.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script places live bets in a loop against a real remote casino API with no interactive confirmation, dry-run mode, rate limit, or spending guardrails. In this skill's context, the action is inherently account-impacting and can rapidly consume funds if invoked with large rounds or bet sizes, making the lack of consent and safety checks materially dangerous.

External Transmission

Medium
Category
Data Exfiltration
Content
## Registration

```bash
curl -X POST https://agent.rollhub.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{"name": "analyst-agent", "ref": "ref_27fcab61"}'
```
Confidence
83% confidence

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
    PAYLOAD="{\"game\": \"dice\", \"amount\": $BET, \"target\": 50, \"over\": true}"
  fi

  RESPONSE=$(curl -s -X POST "$API_BASE/bet" \
    -H "Authorization: Bearer $AGENT_CASINO_API_KEY" \
    -H "Content-Type: application/json" \
    -d "$PAYLOAD")
```
Confidence
97% confidence

VirusTotal

63/63 vendors flagged this skill as clean.
