Skill v1.0.0

ClawScan security

Prediction Market Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 15, 2026, 1:32 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions mostly match its stated purpose, but there are important inconsistencies and sensitive requirements (notably an Ethereum PRIVATE_KEY used to sign transactions) that you should understand before installing.
Guidance
This skill is functionally coherent but carries real risks and a transparency gap. Before installing:
1. Do not provide your main wallet's private key. Test only with a throwaway or testnet wallet holding minimal funds.
2. Verify the hardcoded contract address and the contract's source and behavior; calling openNewMarket spends value from the wallet behind PRIVATE_KEY.
3. Confirm that the betbud.live / Bubble workflow endpoint is legitimate and that you accept the skill posting market data (including your wallet address and the question text) to it.
4. Confirm that the third-party Twitter API service (twitterapi.io) is trustworthy and matches your account and rate limits.
5. Ask the publisher to fix the registry metadata so it lists the required environment variables, and to publish a repository or homepage for review.
6. Review the code yourself, or have a developer audit it, to ensure no hidden exfiltration of secrets occurs. The code currently appears to use the secrets only for the intended API and transaction calls, but handing a private key to third-party code is inherently risky.
If you are not comfortable with these risks, do not install or run this skill with any real wallet or private key.

Review Dimensions

Purpose & Capability
note: The skill's name and description (create prediction markets from crypto Twitter using Claude and Unsplash) align with the included code and SKILL.md: it fetches tweets, calls Anthropic, fetches Unsplash images, signs transactions against a contract on Base Sepolia, and posts to betbud.live. However, the registry metadata declares no required environment variables, while both SKILL.md and skill.py require multiple sensitive values (Twitter, Anthropic and Unsplash API keys, RPC_URL and a PRIVATE_KEY). This metadata omission is an incoherence.
Instruction Scope
note: SKILL.md and skill.py limit actions to fetching tweets, calling Claude, obtaining images, creating a blockchain market, registering it via a Bubble.io workflow, and maintaining a local cache. The runtime reads and writes a local cache file (recent_predictions.json) and loads secrets from .env. It does not appear to instruct reading arbitrary system files. One behavior to verify: the Bubble workflow endpoint is called without authentication (code comments claim it is public); confirm that posting bot-created markets to that endpoint is intended and safe.
Install Mechanism
ok: No install spec is provided (instruction-only, plus Python files and requirements.txt). The package uses standard Python dependencies listed in requirements.txt; nothing in the install surface (no arbitrary remote downloads) raises additional flags.
Credentials
concern: The skill requires multiple sensitive environment values (TWITTERAPI_IO_KEY, ANTHROPIC_API_KEY, UNSPLASH_ACCESS_KEY, RPC_URL and an Ethereum PRIVATE_KEY). These map to the declared runtime behavior (API calls, blockchain transactions), so they are functional requirements, but PRIVATE_KEY is highly sensitive: the skill signs on-chain transactions with it, so anyone who obtains the key, or any code path that leaks it, can spend from that wallet. The registry metadata not declaring these env vars is a mismatch and reduces transparency.
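The metadata mismatch flagged here, and guidance items 5 and 6 above (make the publisher declare the env vars; audit the code for where secrets flow), can both be checked mechanically. The script below is an added example, not ClawHub's scanner and not the skill's own code: it walks a Python source file's AST to collect every environment variable read through os.getenv, os.environ.get or os.environ[...], diffs that set against what the registry declares, flags the secret-looking names, and lists the hosts named in URL literals so you can see which endpoints the secrets could reach. The skill source it runs on is constructed to mirror the behavior this review describes; the hosts are the ones named in the review, the URL paths are placeholders, and the declared-env set is empty because the review says the registry declares none.

```python
"""Static audit of a skill's secret handling: which environment variables the
code reads, which of those the registry metadata declares, and which outbound
hosts the code talks to.  Added example, not ClawHub's scanner and not the
skill's own code.  SAMPLE_SKILL_PY is a constructed stand-in for skill.py."""
import ast
import re
from urllib.parse import urlparse

# Constructed stand-in for skill.py (not the real file).  It reads the five env
# vars named in the review, calls third-party services and posts to the
# unauthenticated Bubble workflow.  Hosts are from the review; paths are made up.
SAMPLE_SKILL_PY = '''
import os
import requests
from dotenv import load_dotenv

load_dotenv()
TWITTER_KEY = os.getenv("TWITTERAPI_IO_KEY")
ANTHROPIC_KEY = os.environ["ANTHROPIC_API_KEY"]
UNSPLASH_KEY = os.environ.get("UNSPLASH_ACCESS_KEY")
RPC_URL = os.getenv("RPC_URL")
PRIVATE_KEY = os.getenv("PRIVATE_KEY")

def fetch_tweets(query):
    return requests.get("https://twitterapi.io/EXAMPLE/search",
                        headers={"X-API-Key": TWITTER_KEY}, params={"q": query})

def register_market(payload):
    # public workflow, no auth
    return requests.post("https://betbud.live/EXAMPLE/workflow", json=payload)
'''

# Registry metadata as the review describes it: no env vars declared at all.
DECLARED_ENV = frozenset()

# Variable names that almost always hold a secret.
SENSITIVE = re.compile(r"KEY|SECRET|TOKEN|PASSWORD|PRIVATE", re.IGNORECASE)


def _dotted(node):
    """Return 'os.environ.get' for the AST of that expression, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _const_str(node):
    """The string value of a constant node, or None for anything else."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def env_vars_read(source):
    """Env var names read via os.getenv(), os.environ.get() or os.environ[]."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and node.args
                and _dotted(node.func) in ("os.getenv", "os.environ.get")):
            name = _const_str(node.args[0])
        elif isinstance(node, ast.Subscript) and _dotted(node.value) == "os.environ":
            name = _const_str(node.slice)  # Python 3.9+: slice is the index expr
        else:
            continue
        if name:
            found.add(name)
    return found


def outbound_hosts(source):
    """Hosts named in http(s) string literals: where data (and secrets) can go."""
    hosts = set()
    for node in ast.walk(ast.parse(source)):
        text = _const_str(node)
        if text and text.startswith(("http://", "https://")):
            hosts.add(urlparse(text).netloc)
    return hosts


def audit(source, declared_env):
    """Compare what the code reads against what the registry declares."""
    read = env_vars_read(source)
    undeclared = read - set(declared_env)
    return {
        "reads": read,
        "undeclared": undeclared,
        "sensitive_undeclared": {v for v in undeclared if SENSITIVE.search(v)},
        "hosts": outbound_hosts(source),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SKILL_PY, DECLARED_ENV)
    for key, value in report.items():
        print(f"{key}: {sorted(value)}")
    if report["sensitive_undeclared"]:
        print("metadata mismatch: undeclared secrets", sorted(report["sensitive_undeclared"]))
```

Run against the real skill.py by reading the file into `audit()` and passing the env var list from the registry metadata; a non-empty `sensitive_undeclared` set is exactly the transparency gap this dimension flags. The host list is only a starting point: a URL assembled at runtime (such as whatever RPC_URL points at) will not appear as a literal, so treat an empty list as "nothing obvious", not "nothing".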
Persistence & Privilege
note: always:false (normal). The skill writes a local cache file (recent_predictions.json) and signs and broadcasts blockchain transactions using the provided PRIVATE_KEY and RPC_URL. Autonomous invocation is permitted by default; combined with access to a private key, this increases the blast radius if the key is compromised or the skill misbehaves. Use a wallet with limited funds and permissions for testing.
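A limited-funds wallet bounds the loss, but it does not stop an autonomously invoked skill from signing the wrong transaction. The guard below is an added example, not the skill's own code: a policy object that a wrapper would consult before signing, refusing any transaction that is not on Base Sepolia (chain id 84532), not addressed to the one allowlisted contract, above a per-call value cap, or beyond a per-day count of autonomous sends. It assumes the skill builds a web3.py-style transaction dict (chainId, to, value, data) before signing; the contract address and the caps are placeholders and must be replaced with the address verified under guidance item 2 and limits you are willing to lose.

```python
"""Pre-signing policy for an autonomously invoked skill that holds a wallet
PRIVATE_KEY.  Added example, not the skill's own code.  Assumes a web3.py-style
transaction dict (chainId / to / value / data); the contract address and the
caps below are placeholders."""
import time
from dataclasses import dataclass, field

BASE_SEPOLIA_CHAIN_ID = 84532   # the testnet the review says the contract is on
BASE_MAINNET_CHAIN_ID = 8453    # the test wallet must never sign for mainnet

# Placeholder for the skill's hardcoded contract; the real address must be
# taken from the code and verified against the contract's published source.
ALLOWED_CONTRACT = "0x0000000000000000000000000000000000000000".lower()


class PolicyViolation(Exception):
    pass


@dataclass
class TxPolicy:
    allowed_chain_id: int
    allowed_to: frozenset            # lowercased recipient addresses
    max_value_wei: int               # per-transaction value cap
    max_tx_per_window: int           # cap on autonomous sends per window
    window_seconds: int = 86400
    sent_at: list = field(default_factory=list, repr=False)

    def violations(self, tx, now=None):
        """Every reason this tx must not be signed; an empty list means allowed."""
        now = time.time() if now is None else now
        problems = []
        if tx.get("chainId") != self.allowed_chain_id:
            problems.append(f"chainId {tx.get('chainId')} != {self.allowed_chain_id}")
        to = str(tx.get("to", "")).lower()
        if to not in self.allowed_to:
            problems.append(f"recipient {to or '<none>'} not in allowlist")
        if int(tx.get("value", 0)) > self.max_value_wei:
            problems.append(f"value {tx.get('value')} wei exceeds cap {self.max_value_wei}")
        recent = [t for t in self.sent_at if now - t < self.window_seconds]
        if len(recent) >= self.max_tx_per_window:
            problems.append(f"{len(recent)} tx already sent in the last {self.window_seconds}s")
        return problems

    def approve(self, tx, now=None):
        """Raise PolicyViolation, or record the send and return tx for signing."""
        now = time.time() if now is None else now
        problems = self.violations(tx, now)
        if problems:
            raise PolicyViolation("; ".join(problems))
        self.sent_at.append(now)
        return tx


def market_policy():
    """Policy for the openNewMarket flow: Base Sepolia only, one contract, at most
    0.001 ETH per call and 5 autonomous sends per day (the caps are assumptions)."""
    return TxPolicy(BASE_SEPOLIA_CHAIN_ID, frozenset({ALLOWED_CONTRACT}),
                    max_value_wei=10**15, max_tx_per_window=5)


if __name__ == "__main__":
    policy = market_policy()
    good = {"chainId": BASE_SEPOLIA_CHAIN_ID, "to": ALLOWED_CONTRACT, "value": 10**14, "data": "0x"}
    print("good tx:", policy.violations(good) or "allowed")
    wrong_chain = dict(good, chainId=BASE_MAINNET_CHAIN_ID)
    print("mainnet tx:", policy.violations(wrong_chain))
    drain = dict(good, to="0x1111111111111111111111111111111111111111", value=10**18)
    print("drain attempt:", policy.violations(drain))
```

The check belongs in the code path that owns the key (call `policy.approve(tx)` immediately before the sign-and-send call), not in the skill's instructions, since a prompt-level rule is not enforced when the skill is invoked autonomously. A compromised or confused skill still cannot move more than the cap times the daily count from the test wallet, which is the blast radius this dimension is about.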