Betbud Prediction Skill

Verdict: Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill is described as only proposing a prediction-market question, but its code requires undeclared secrets and can create an on-chain market and public Betbud event.

Do not install or run this with a real wallet private key unless you intentionally want it to create Betbud markets. Ask the publisher to document all required credentials, dependencies, contract/network details, public posting behavior, and to add explicit confirmation before any transaction or publication.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may expect advice only, while the skill can perform real market-publication actions.

Why it was flagged

The public instructions frame the skill as returning only a proposal, but the included Python code contains production market creation and public registration functions, materially changing what a user would expect.

Skill content
Outputs:
- market_proposal (JSON): Object with keys: question (str), duration_days (int), resolution_criteria (str), score (float), reasoning (str), sources (list of str)
Recommendation

Clearly disclose the execution behavior in SKILL.md and metadata, and separate proposal generation from market creation with explicit user approval.

What this means

If invoked with a funded wallet, the skill can spend funds on the configured chain and create a persistent market entry.

Why it was flagged

The code builds, signs, and broadcasts a payable blockchain transaction to open a market, but the skill documentation does not describe this high-impact action or show a confirmation gate.

Skill content
tx = contract.functions.openNewMarket(duration_days).build_transaction({ ... 'value': min_deposit, ... }); signed_tx = account.sign_transaction(tx); tx_hash = w3.eth.send_raw_transaction(signed_tx.raw_transaction)
Recommendation

Require explicit per-run confirmation, validate all transaction parameters, disclose the contract/network, and provide a proposal-only mode by default.

What this means

The skill can act with a wallet's authority and mutate Betbud data under an unclear shared credential boundary.

Why it was flagged

The code requires wallet-signing authority and embeds a shared API bearer token even though the registry declares no credentials or environment variables.

Skill content
PRIVATE_KEY = os.getenv("PRIVATE_KEY") ... account = w3.eth.account.from_key(PRIVATE_KEY) ... "Authorization": "Bearer eb14b9297060b03751dce5497d07a88f"
Recommendation

Do not use a main wallet private key; use a scoped/test wallet only if this behavior is intended. The skill should declare credentials, remove hardcoded tokens, and use least-privilege per-user authentication.

What this means

Users cannot easily verify or prepare the runtime environment, dependencies, or secret requirements before installation.

Why it was flagged

The code depends on undeclared external packages and .env secret loading, while the install metadata says there is no install spec and no required environment variables.

Skill content
from anthropic import Anthropic
from dotenv import load_dotenv
from web3 import Web3
Recommendation

Provide a complete install spec with pinned dependencies and explicit environment-variable declarations.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

A manipulated post could steer the proposed question or wording, especially risky if the proposal is later published automatically.

Why it was flagged

Public X post text is inserted directly into the LLM prompt; this is expected for the skill's purpose, but untrusted posts could influence the generated proposal.

Skill content
prompt = f"""From these X posts: {json.dumps(tweets, default=str)} ... Return ONLY JSON, no extra text, no markdown."""
Recommendation

Treat generated proposals as untrusted until reviewed, and add safeguards that prevent social-media text from becoming authoritative instructions.