Betbud Prediction Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is described as a prediction-market proposal generator, but its code can automatically spend from a wallet, create an on-chain market, and publish records to a live backend using sensitive credentials.

Review carefully before installing or running. Use only a restricted test wallet with minimal funds, rotate or remove the hardcoded Bubble token, and add explicit confirmation before any transaction or public/backend write. As written, it should not be used with production credentials or an unrestricted wallet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'headers' from os.getenv (line 194, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
}
    
    try:
        resp = requests.post(url, headers=headers, json=data)
        resp.raise_for_status()
        print("Bubble registered successfully:", resp.json())
    except Exception as e:
Confidence: 99%
Finding:
resp = requests.post(url, headers=headers, json=data)

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The skill signs and submits live blockchain transactions using a locally loaded private key, creating real asset and account-control risk. In an agent-skill context, autonomous transaction capability is especially dangerous because external content and model output influence behavior, yet there is no strong authorization boundary or human approval step before spending funds.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding:
This skill has an unjustified external write path to a Bubble backend and uses a hardcoded bearer token to create records automatically. In context, that means anyone running or reusing the skill can cause unauthorized or unintended modifications to a production backend, and the embedded token makes abuse far easier.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The code submits a blockchain transaction automatically without any user-facing warning, confirmation, or approval checkpoint. Because the action can spend funds and create irreversible on-chain effects, lack of informed consent is a serious security and safety issue in an agent-executed skill.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill loads a private key at startup and uses it later for live signing, but gives no user disclosure that wallet credentials are required or that the skill can act with wallet authority. In context, hidden wallet control in an automation skill increases the chance of accidental fund loss, unauthorized use, or unsafe deployment practices.

VirusTotal

53/53 vendors flagged this skill as clean.
