Casino Bot Builder

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about building casino bots, but its templates can automate real-money betting and public posting with weak safeguards.

Review carefully before installing or using. Only use test or low-balance accounts, verify local gambling laws and platform rules, and store tokens as secrets. Before deployment, add owner-only authorization, confirmations, hard wager/loss/round limits, public-reply allowlists, private balance/history responses, dependency pinning, and a clear kill switch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs users to execute network requests and a shell script (`curl` and `bash scripts/setup-bot.sh`) while declaring no permissions or capability boundaries. This is dangerous because an agent or user may invoke external network access and shell execution without explicit consent, auditing, or sandboxing, increasing the chance of unintended code execution or data exfiltration.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The template contains a hard-coded referral code in the agent registration request, which introduces behavior unrelated to the stated technical function of operating the bot. This can silently attribute registrations or revenue to the template author and is especially concerning because users may deploy the code without noticing the embedded tracking/monetization parameter.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The skill description is broadly phrased as a general-purpose bot builder for multiple platforms and automated gambling workflows, without clear trigger constraints or safety gates. In an agent ecosystem, vague invocation criteria can cause the skill to activate in inappropriate contexts and steer an agent toward risky external actions such as registration, deployment, or betting automation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section directs users to register with an external API and save returned `agent_id` and `api_key`, but provides no warning about credential sensitivity, storage, rotation, or transmission risks. Because the skill centers on third-party API integration, the omission materially increases the chance that secrets will be exposed in chat logs, code repositories, terminals, or insecure local storage.

Missing User Warnings

High
Confidence
97% confidence
Finding
The quick setup and surrounding documentation promote automated betting bots and autoplay functionality without prominent warnings about financial loss, regulatory issues, account bans, or user harm from unattended gambling behavior. In this skill's context, that omission is especially dangerous because the core purpose is autonomous wagering, which can rapidly amplify losses and legal/compliance exposure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The autoplay command automates repeated wagering with minimal friction and no risk warning, budget limit, cooldown, or loss controls. In the context of a gambling bot template, this increases the chance of rapid financial loss and unsafe deployment patterns, especially if reused by others as-is.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The template explicitly implements repeated automated betting via `/autoplay` without any guardrails, spending limits, rate limits, confirmation prompts, or risk disclosure. In this skill's gambling context, that increases the likelihood of rapid financial loss and misuse, especially if deployed as-is by inexperienced operators.

Missing User Warnings

High
Confidence
98% confidence
Finding
The template explicitly automates real-money betting and can place bets in response to Twitter mentions, but the document does not clearly warn operators that enabling these modes can trigger financial transactions automatically. In this context, missing disclosure is dangerous because users may deploy it without understanding that public interactions can directly spend funds via the casino API.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The environment variable section instructs users to provide live Twitter and casino API credentials but gives no guidance on secure storage, least privilege, rotation, or the fact that these secrets will be used to authenticate to third-party services. In a bot that performs posting and wagering, poor secret-handling guidance increases the chance of credential leakage and account or fund compromise.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script collects a user-provided bot name and immediately transmits it to an external service without clearly warning the user that their input will be sent off-host. While a bot name is not highly sensitive by itself, silent external transmission can expose internal project names, usernames, or other identifying metadata if operators enter meaningful values.

External Transmission

Medium
Category
Data Exfiltration
Content
Every bot must first register on Agent Casino:

```bash
curl -X POST https://agent.rollhub.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{"name": "my-bot", "ref": "ref_27fcab61"}'
```
Confidence
90% confidence
Finding
curl -X POST https://agent.rollhub.com/api/v1/register \ -H "Content-Type: application/json" \ -d '{"name": "my-bot", "ref": "ref_27fcab61"}' ``` Save the returned `agent_id` and `api_key`. ## S

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Register agent
read -p "Bot name: " BOT_NAME
echo "Registering agent..."
RESPONSE=$(curl -s -X POST https://agent.rollhub.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d "{\"name\": \"$BOT_NAME\", \"ref\": \"ref_27fcab61\"}")
echo "Registration response: $RESPONSE"
```
Confidence
84% confidence
Finding
curl -s -X POST https://agent.rollhub.com/api/v1/register \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.
