Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bankroll Manager — Cross-Platform P&L Tracker
v1.1.0Track bankroll across sportsbooks and prediction markets. Log bets, record results, calculate ROI, generate P&L reports, and enforce risk limits. Use when as...
⭐ 0· 87·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill describes a local P&L/bankroll tracker that uses sqlite; requesting sqlite3 as a required binary matches that purpose. However, the metadata also requires python3 even though the SKILL.md contains only sqlite3 commands and makes no mention of Python-based behavior, which is discordant.
Instruction Scope
SKILL.md instructs direct writes to a fixed local DB (~/.openclaw/data/bankroll.db) via sqlite3 INSERT commands but provides no database schema, initialization steps, or read/report queries. The instructions are minimal and give the agent leeway to run arbitrary sqlite3 commands against a user-local database; that is expected for a tracker but the lack of schema or safeguards increases risk of accidental data corruption.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk (nothing downloaded or written to disk by the skill itself).
Credentials
No environment variables or credentials are requested (good). The declared binary requirements (sqlite3, python3) are minimal, but python3 appears disproportionate because the runtime instructions never reference Python. Either the metadata is inaccurate or important instructions are missing.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide config changes. It reads/writes a user-local database file (persistent data), which is expected for this purpose but should be considered when granting agent access to your profile/home directory.
What to consider before installing
This skill mostly looks like a simple local bankroll tracker, but take these precautions before installing or invoking it:
- Verify the python3 requirement: ask the author or inspect additional documentation. If the skill never uses Python, the metadata may be inaccurate.
- Backup and inspect ~/.openclaw/data/bankroll.db (and create the DB schema yourself) before letting the agent write to it. The SKILL.md provides only an INSERT example and no schema; running commands as-is could corrupt data.
- Confirm file permissions for ~/.openclaw/data so only you/your agent can access it — the skill will read/write a file in your home dir.
- Follow the AgentBets links to verify the publisher and documentation; the skill registry shows no homepage/source, which reduces provenance confidence.
- Because this skill executes sqlite3 commands, ensure the running agent environment actually contains sqlite3 (and that you trust it to run local commands). If you want less risk, require manual review of any DB-modifying commands before they run.
If you cannot verify the missing pieces (schema, why python3 is needed, or the publisher identity), treat the skill cautiously or prefer a vetted alternative.Like a lobster shell, security has layers — review code before you run it.
agentbetsvk9768z0rb1nc2ncy4jrzzt46h983hakrbettingvk9768z0rb1nc2ncy4jrzzt46h983hakrlatestvk9768z0rb1nc2ncy4jrzzt46h983hakropenclawvk9768z0rb1nc2ncy4jrzzt46h983hakrprediction-marketsvk9768z0rb1nc2ncy4jrzzt46h983hakrsports-bettingvk9768z0rb1nc2ncy4jrzzt46h983hakr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💰 Clawdis
Binssqlite3, python3