ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kelly Criterion Bet Sizer

v1.1.0

Calculate optimal bet sizes using Kelly Criterion. Supports single bets, fractional Kelly (quarter/half/three-quarter), multi-bet portfolio sizing, and max-b...

0· 74·0 current·0 all-time
by@rsquaredsolutions2026
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description align with required bits (only python3) and the SKILL.md implements Kelly calculations. Minor inconsistency: SKILL.md claims 'Built by AgentBets' with tutorial links, while the registry metadata lists source as unknown and homepage as none — this mismatch is unexplained but not by itself dangerous.
!
Instruction Scope
SKILL.md runs a python3 -c command with user-supplied BANKROLL, ODDS, TRUE_PROB arguments. The doc does not precisely specify expected formats (is TRUE_PROB 0.40 or 40?) and the example relies on shell substitution; if an agent inserts unsanitized user text into that shell command it could lead to command/argument injection or mis-parsing. Aside from that, instructions do not request unrelated files, env vars, or external endpoints.
Install Mechanism
Instruction-only skill with no install spec. Requires python3 on PATH — low-risk and proportionate for the stated calculations.
Credentials
No environment variables, credentials, or config paths requested. The level of access requested is minimal and appropriate for the task.
Persistence & Privilege
Skill is not always-loaded and does not request persistence or system-level changes. Autonomous invocation is allowed (platform default) but not combined with other privilege concerns here.
What to consider before installing
This skill appears to implement Kelly calculations correctly and only needs python3, but take these precautions before installing: (1) Verify the publisher/source — SKILL.md references AgentBets but registry metadata lacks a homepage. If provenance matters to you, ask the publisher for a source repo or contact info. (2) Confirm input formats: use true probability as a fraction (e.g., 0.40) unless the skill runner documents otherwise to avoid large errors. (3) Be cautious about how your agent substitutes user values into the provided python3 -c command: unsanitized inputs could cause shell/argument injection. Prefer a runner that passes arguments safely (argv) rather than interpolating into a shell string. (4) Remember this is financial advice: double-check results independently and consider regulatory/legal implications for betting in your jurisdiction.

Like a lobster shell, security has layers — review code before you run it.

agentbetsvk97azcbb2m2s5t1zk3e6hn73h583jatxbettingvk97azcbb2m2s5t1zk3e6hn73h583jatxlatestvk97azcbb2m2s5t1zk3e6hn73h583jatxopenclawvk97azcbb2m2s5t1zk3e6hn73h583jatxprediction-marketsvk97azcbb2m2s5t1zk3e6hn73h583jatxsports-bettingvk97azcbb2m2s5t1zk3e6hn73h583jatx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎯 Clawdis
Binspython3

Comments