Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bet Slip Parser
v1.1.0Parse bet slips from text, natural language, or screenshots into structured JSON. Extracts stake, odds, bet type, selection, and sportsbook. Supports singles...
⭐ 0· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description match the instructions: the skill only parses bet-slip text, natural language, and screenshots into structured JSON. It does not request unrelated credentials or system access, and supported sportsbooks/bet types are coherent with the stated purpose.
Instruction Scope
The SKILL.md contains many inline shell/python code snippets and instructs the agent to parse screenshots (requires OCR/vision). However the instructions do not declare or explain how OCR/text-extraction will be performed or what OCR tool/library to use. Also the doc repeatedly uses python3 inline, but python3 is not listed as a required binary. The SKILL.md appears truncated mid-sentence (timestamp rule), reducing clarity about final output behavior.
Install Mechanism
This is instruction-only (no install step), which minimizes disk-writing risk. However, because it expects to run shell snippets (echo | python3) and read images, a runtime environment must provide python3 and some OCR/vision capability; those dependencies are not declared. That omission is a practical coherence issue and a security surface (the agent may execute arbitrary shell/python commands if invoked).
Credentials
The skill declares no environment variables, no credentials, and no config paths — appropriate for a parser that only processes user-provided bet slips. There is no request for unrelated secrets or cloud credentials.
Persistence & Privilege
The skill is not always-enabled, does not request persistence, and allows model invocation (normal default). There is no evidence it attempts to modify other skills or system-wide settings.
What to consider before installing
This skill's purpose (extracting structured bet data) is reasonable and it doesn't ask for credentials, but there are mismatches you should resolve before trusting it:
- The SKILL.md uses python3 inline and expects OCR/vision for screenshots, yet the declared required binaries only list "bash" and there is no mention of python3, tesseract, or any OCR library. Ask the author to explicitly declare required binaries (e.g., python3, tesseract/pytesseract or an image-to-text API) or update the skill metadata.
- The skill runs shell and python snippets. Even though the shown snippets are benign conversions, executing arbitrary shell/python carries risk if the skill is changed later. Only enable/run this skill in an environment you control, or require code review before use.
- The SKILL.md appears truncated (timestamp rule cut off). Request the complete instructions to ensure there are no hidden behaviors.
- For screenshots, confirm how OCR is implemented and whether images are sent to any external service (privacy risk). If OCR uses a third‑party API, you should know which endpoint and whether credentials or user data will be transmitted.
If you plan to install/run this skill: 1) ensure python3 and an OCR tool are installed and declared; 2) test with non-sensitive sample data; 3) prefer running in an isolated environment; and 4) ask the publisher for the full SKILL.md and explicit dependency list. If the author cannot supply those, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
agentbetsvk973fb1sn9bz09brz8vxdjtp0d83ghesbettingvk973fb1sn9bz09brz8vxdjtp0d83gheslatestvk973fb1sn9bz09brz8vxdjtp0d83ghesopenclawvk973fb1sn9bz09brz8vxdjtp0d83ghesprediction-marketsvk973fb1sn9bz09brz8vxdjtp0d83ghessports-bettingvk973fb1sn9bz09brz8vxdjtp0d83ghes
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎫 Clawdis
Binsbash