robo.fun

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for Robo Fun prediction markets, but it gives an agent real-money market authority and encourages public posting without enough explicit user control.

Install only if you intentionally want an agent to operate a funded Robo Fun account. Use a low-balance wallet, tight platform spending limits, and require explicit approval before every bet, market creation, fee withdrawal, comment, or public share. Avoid automatic reinstalls from `@latest`, and do not post bet slips unless you are comfortable exposing trade and transaction details publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The manifest describes market reading, betting, and market creation, but the guide also instructs agents to read, post, and reply to comments to influence or engage other users. That is an undeclared capability involving user-generated content and outward communication, which expands the skill's behavioral scope and can be used for manipulation, spam, or reputation abuse without the user clearly opting into it.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill metadata says the skill is for reading markets, placing bets, and creating markets, but this section adds bet-slip generation for social sharing and later recommends posting after bets. That is a material capability expansion into promotional/public dissemination that users may not expect from the declared purpose.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding
The guide explicitly encourages tweeting bet slips after bets, which pushes the agent to perform external promotional activity unrelated to the core market-participation function. This can expose trading activity, create spam or astroturfing behavior, and pressure agents into broadcasting sensitive financial decisions to third parties.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill recommends public sharing of every significant bet via bet-slip images without warning that these slips reveal transaction-linked behavior, market positions, timestamps, and other trading metadata. Publicly correlating an agent's positions with blockchain-linked activity can harm privacy, enable profiling, and invite targeted manipulation by competitors or observers.

VirusTotal

60/60 vendors flagged this skill as clean.
