Betbud Prediction Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: betbud-prediction-skill
Version: 1.0.0

The skill is classified as suspicious due to its direct handling of highly sensitive credentials and a hardcoded API key. Specifically, `skill.py` loads a `PRIVATE_KEY` from environment variables and uses it to sign and send value-transferring blockchain transactions via the `create_market` function. Additionally, a Bubble.io API key is hardcoded within the `register_bubble_event` function, exposing a secret. While these actions align with the skill's stated purpose of creating prediction markets, the direct use of a private key for on-chain transactions represents a significant security risk and requires extreme trust in the execution environment, and the hardcoded key is a vulnerability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may expect advice only, while the skill can perform real market-publication actions.
The public instructions frame the skill as returning only a proposal, but the included Python code contains production market creation and public registration functions, materially changing what a user would expect.
Outputs:
- market_proposal (JSON): Object with keys: question (str), duration_days (int), resolution_criteria (str), score (float), reasoning (str), sources (list of str)
Clearly disclose the execution behavior in SKILL.md and metadata, and separate proposal generation from market creation with explicit user approval.
If invoked with a funded wallet, the skill can spend funds on the configured chain and create a persistent market entry.
The code builds, signs, and broadcasts a payable blockchain transaction to open a market, but the skill documentation does not describe this high-impact action or show a confirmation gate.
tx = contract.functions.openNewMarket(duration_days).build_transaction({ ... 'value': min_deposit, ... })
signed_tx = account.sign_transaction(tx)
tx_hash = w3.eth.send_raw_transaction(signed_tx.raw_transaction)

Require explicit per-run confirmation, validate all transaction parameters, disclose the contract/network, and provide a proposal-only mode by default.
The skill can act with a wallet's authority and mutate Betbud data under an unclear shared credential boundary.
The code requires wallet-signing authority and embeds a shared API bearer token even though the registry declares no credentials or environment variables.
PRIVATE_KEY = os.getenv("PRIVATE_KEY")
...
account = w3.eth.account.from_key(PRIVATE_KEY)
...
"Authorization": "Bearer eb14b9297060b03751dce5497d07a88f"

Do not use a main wallet private key; use a scoped/test wallet only if this behavior is intended. The skill should declare credentials, remove hardcoded tokens, and use least-privilege per-user authentication.
Users cannot easily verify or prepare the runtime environment, dependencies, or secret requirements before installation.
The code depends on undeclared external packages and .env secret loading, while the install metadata says there is no install spec and no required environment variables.
from anthropic import Anthropic
from dotenv import load_dotenv
from web3 import Web3
Provide a complete install spec with pinned dependencies and explicit environment-variable declarations.
A manipulated post could steer the proposed question or wording, especially risky if the proposal is later published automatically.
Public X post text is inserted directly into the LLM prompt; this is expected for the skill's purpose, but untrusted posts could influence the generated proposal.
prompt = f"""From these X posts: {json.dumps(tweets, default=str)} ... Return ONLY JSON, no extra text, no markdown."""

Treat generated proposals as untrusted until reviewed, and add safeguards that prevent social-media text from becoming authoritative instructions.
