Fairness Auditor

Security checks across malware telemetry and agentic risk

Overview

This skill is a gambling audit helper, but it can place live bets with a user API key and ships with an exposed ClawHub publishing token.

Review before installing. The publisher should remove and rotate the exposed ClawHub token. Users should not run this with a real casino account unless they understand it sends an API key to agent.rollhub.com, can place repeated bets, may spend funds, and stores local betting records; use only a sandbox or tightly limited test account with explicit approval for any betting command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill advertises and demonstrates shell-based actions such as curl and bash script execution, yet it declares no permissions. This creates a transparency and governance gap: users or hosting platforms may not realize the skill can trigger networked shell operations, including registration and betting workflows against a live service.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill claims broad, independent fairness auditing but the documented behavior is narrower and includes risky side effects such as placing live bets and registering with a referral code. This mismatch can mislead users into trusting the tool as an objective auditor when it may instead drive activity to a specific gambling service and perform actions that spend money or create accounts.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The skill claims to perform cryptographic fairness verification, but the implementation simply asks the same remote service whether a bet is verified and trusts the returned boolean. That defeats zero-trust auditing: a malicious or compromised server can self-attest fairness and conceal tampering, giving users false assurance in a security-sensitive gambling context.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The manifest advertises broader randomness analysis and confidence interval checks, but the code only computes a basic win/loss chi-square and RTP summary. In an auditing tool, overstating statistical coverage can mislead users into believing a rigorous fairness assessment occurred when important bias, dependence, and confidence analyses were never performed.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
An "auditor" tool that silently places live authenticated bets creates financial side effects inconsistent with a read-only verification role. Users may run it expecting passive analysis, but it can spend funds, generate gambling activity, and expose them to loss while appearing to be a safety tool.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The file contains a plaintext CLAWHUB_TOKEN embedded directly in a publish command, which is a hardcoded secret disclosure. Anyone with access to this file can reuse the token to publish, modify, or impersonate the associated account or package, making this a real credential exposure rather than a harmless example.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The metadata uses broad security- and gambling-related keywords that could cause the skill to be invoked in contexts beyond the user's intent. Over-broad invocation increases the chance that a user asking for general auditing help gets routed into a site-specific tool that encourages registration, external API use, or betting activity.

Vague Triggers

Low
Confidence
72% confidence
Finding
The overview describes expansive capability without stating clear boundaries, prerequisites, or safety constraints. In context, this is more dangerous because the skill is tied to a gambling platform and includes operational steps that can create accounts and place bets, so vague activation language may lead to unintended risky use.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill instructs users to place real test bets without a clear warning that this can spend funds, incur gambling losses, or trigger regulated activity. Because this is a casino-related context, hidden financial impact is especially serious: an auditing workflow should not default to monetary transactions just to verify functionality.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The registration example encourages account creation on a third-party gambling service and includes a referral code, but does not warn about privacy, data sharing, or account implications. This is risky because users may unknowingly disclose information or create trackable accounts under the guise of a security audit.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs repeated authenticated network requests and stores responses to disk without meaningful warning or consent beyond a status message. In practice this can trigger unintended external actions, incur costs, and leave potentially sensitive betting records on local storage where other users or processes may access them.

External Transmission

Medium
Category
Data Exfiltration
Content
## Registration

```bash
curl -X POST https://agent.rollhub.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{"name": "auditor-agent", "ref": "ref_27fcab61"}'
```
Confidence
94% confidence
Finding
curl -X POST https://agent.rollhub.com/api/v1/register \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.
