Skill v1.0.0

ClawScan security

Odds Movement Monitor 盘口监控 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 4, 2026, 10:14 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill largely matches a betting-odds monitor, but has inconsistent metadata about required credentials and embeds a hard-coded billing API key that is unnecessary and risky.
Guidance
This skill implements an odds-monitoring tool and also includes a built-in billing integration that attempts to charge 0.01 USDT per call. Two issues to consider before installing or running it:

1) Hard-coded billing key: payment.py contains a long hard-coded BILLING_API_KEY. That is unusual and risky — it may expose the publisher's secret, allow unexpected behavior, or indicate sloppy credential handling. Ask the publisher why a secret is embedded, and request they remove it and rely on environment variables (and rotate the key if it's real).

2) Conflicting metadata: _meta.json says SkillPay credentials are required but the registry metadata listed none. README and code reference ODDS_API_KEY for fetching odds; confirm which env vars you must supply and whether billing is mandatory. Do not provide payment credentials (or your wallet) until you verify the billing provider (skillpay.me) is legitimate.

Other practical recommendations:
- Review payment.py and test it in a safe sandbox (no real credentials) to see what it calls.
- If you proceed, run the skill in an isolated environment and monitor outbound network traffic and file writes.
- Consider asking the author to remove hard-coded keys and to document the billing flow clearly (how user_id is used, where payments go, whether charges are reversible).
- Be aware this tool is for gambling-related monitoring — ensure that using it is lawful in your jurisdiction.

Given these inconsistencies and the embedded secret, I recommend caution (suspicious) until the author clarifies and fixes the billing/credential handling.
Findings
[hardcoded_api_key_skillpay] unexpected: payment.py defines BILLING_API_KEY = "sk_f03aa8f8..." — a hard-coded, long secret-like key. A billing key embedded in shipped code is unexpected and risky (leakage, misuse, unauthorized charges).
[metadata_env_mismatch] unexpected: _meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required, but skill registry summary lists no required env vars; SKILL.md/README reference ODDS_API_KEY instead. This inconsistency can mislead users about what credentials are needed.
[external_billing_calls] expected: payment.py contacts https://skillpay.me to check balance and charge users. External network calls are expected for a monetized skill, but combined with a hard-coded API key this is higher risk.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md describe an odds-monitor that fetches data from odds APIs and detects market signals—this matches the name/description. However, metadata/_meta.json advertises mandatory SkillPay billing (SKILLPAY_API_KEY/SKILLPAY_USER_ID) while the registry summary for the skill declared no required env vars; README and code reference ODDS_API_KEY (expected). The billing integration is related to the skill's monetization but is not intrinsic to odds-detection logic and is inconsistently declared.
Instruction Scope
note: Runtime instructions focus on monitoring odds and show how to run the tool. SKILL.md and README also state the skill requires payment before use. The payment flow will call external billing endpoints; otherwise the instructions do not request unrelated file/system access. The demo manipulates sys.path to a user workspace path (tilde literal), which is odd but not directly malicious.
Install Mechanism
ok: There is no install spec (instruction-only + included code), so nothing is downloaded at install time. Dependencies are standard Python packages declared in requirements.txt. Risk from the install mechanism is low.
Credentials
concern: There are contradictions about required environment variables: registry metadata lists none, README/code expect ODDS_API_KEY, and _meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required for billing. More importantly, payment.py contains a hard-coded BILLING_API_KEY (a long secret-like string) rather than using an environment variable—this hard-coded credential is disproportionate and dangerous (it gives the publisher/anyone with the repo a usable API key to the billing service).
Persistence & Privilege
note: The skill is not always-enabled and does not request elevated agent privileges. However, the skill will make outbound network calls to a third-party billing service and can attempt to charge users when invoked. Autonomous invocation is allowed (platform default); combined with the hard-coded billing key, this increases abuse risk.