ClawHub

Betting Research

Security checks across malware telemetry and agentic risk

Overview

This sports betting research skill mostly does what it says, but it can automatically run a separate local X/Twitter search skill that is not clearly disclosed or bounded.

Review before installing. Use this only if you are comfortable with match and team names being sent to sports-data providers, local API keys being read from the documented config files, and a separately installed search-x skill being executed for X/Twitter intelligence when present. Consider removing or disabling the search-x calls unless you trust that local skill and its API-key handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
search_script = Path.home() / ".openclaw" / "workspace" / "skills" / "search-x" / "scripts" / "search.js"
        if search_script.exists():
            query = f"{home_team} vs {away_team} lineup"
            result = subprocess.run(
                ["node", str(search_script), query, "--compact"],
                capture_output=True,
                text=True,
Confidence
88% confidence
Finding
result = subprocess.run( ["node", str(search_script), query, "--compact"], capture_output=True, text=True, timeout=30

subprocess module call

Medium
Category
Dangerous Code Execution
Content
search_script = Path.home() / ".openclaw" / "workspace" / "skills" / "search-x" / "scripts" / "search.js"
        if search_script.exists():
            query = f"{team_name} injury news"
            result = subprocess.run(
                ["node", str(search_script), query, "--compact"],
                capture_output=True,
                text=True,
Confidence
88% confidence
Finding
result = subprocess.run( ["node", str(search_script), query, "--compact"], capture_output=True, text=True, timeout=30

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill advertises and demonstrates shell execution, network access, and local config/API key usage, but the manifest does not declare corresponding permissions or data access expectations. This undermines least-privilege and informed consent, making it easier for a user or orchestrator to invoke a skill that can access external services and local secrets without clear disclosure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The reported behavior mismatch is security-relevant because the skill appears to do more than its description discloses, including reading API keys from the user's home directory and invoking external/local tooling for social-media searches. Hidden or under-disclosed behaviors reduce transparency and can cause users to expose secrets or send queries to third parties without understanding the full execution path.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill encourages use of multiple external APIs, including paid services, without clearly warning that user-provided match/team queries may be transmitted to third parties. Lack of disclosure about outbound requests and data sharing can violate user expectations and organizational policy, especially when the tool also uses locally stored credentials.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill performs an externalized action—launching another script that likely queries X/Twitter—without clear upfront disclosure or consent. In an agent setting, hidden cross-tool execution increases risk because users may not realize their query is being sent through an additional component with its own data handling and trust assumptions.

Session Persistence

Medium
Category
Rogue Agent
Content
2. Get free tier: 100 calls/day
3. Save key:
```bash
mkdir -p ~/.config/api-football
echo '{"api_key": "YOUR_KEY"}' > ~/.config/api-football/config.json
```
Confidence
80% confidence
Finding
mkdir -p ~/.config/api-football echo '{"api_key": "YOUR_KEY"}' > ~/.config/api-football/config.json ``` ## Usage Examples **Pre-match research:** ```bash python3 ~/.openclaw/workspace/skills/betting

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal