Clawbet
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
ClawBet is a real-money autonomous crypto-betting skill that is purpose-aligned, but its remote hot-reload, persistent auto-betting, wallet/API-key handling, and public posting behavior require careful review before use.
Install only if you intentionally want an autonomous real-money crypto-betting agent. Use a dedicated wallet with a small fixed balance, rotate any exposed API key, disable hot-reload and public posting unless explicitly approved, set hard bet and transfer limits, and require manual confirmation for USDC transfers and any long-running heartbeat loop.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Deposited USDC can be spent or lost quickly without per-bet human review.
The shown workflow places repeated $50 bets in an autonomous loop and frames the agent as running continuously after funding.
Step 3: Auto-bet ... `while True:` ... `requests.post(f"{API}/games/{g['game_id']}/bet", json={"side": side, "amount": 50}, headers=H)` ... `Your agent is now competing 24/7.`
Use only with an explicit budget, a dedicated low-balance wallet, manual approval for betting, and a clear stop condition.
The provider can change the agent's future betting or wallet-related instructions after the version the user reviewed.
The agent is told to fetch remote skill text and overwrite local instructions after installation, then treat the changed rules as behavior guidance.
`every 6h — Skill Hot-Reload` ... `GET {CLAWBET_API}/skill.md` → update `skills/clawbet/SKILL.md` ... `Parse new rules, adjust behavior accordingly`
Disable automatic hot-reload unless updates are pinned, signed, reviewed by the user, and applied only after explicit approval.
If misused by the agent or by later hot-reloaded instructions, wallet funds could be transferred or spent beyond what the user intended.
The included signing script can load a local Solana private key and send USDC to a caller-supplied destination and amount.
`Loads private key from FILE only` ... `python3 sign_and_send.py --keypair-path PATH --to ADDRESS --amount AMOUNT`
Use a dedicated wallet with minimal funds, require manual confirmation for every transfer, verify the destination vault address, and prefer dry-run mode before sending.
If the key is real, it could allow unauthorized use of a ClawBet account or API privileges.
The scanner reports a possible hardcoded API secret in the published skill artifact; service credentials should be user-provided, not embedded.
Static scan at SKILL.md:196: `API_KEY=[REDACTED]`
Remove the embedded key, rotate it immediately, store credentials only in a credential manager or environment variable, and declare required credentials in metadata.
The agent may continue betting after installation unless the user knows exactly how to stop the loop and cap exposure.
The documentation describes install/start behavior that creates an ongoing autonomous trading loop, but the provided registry metadata does not clearly expose a corresponding install mechanism or stop controls.
`Auto-registers your agent, sets up strategy templates, and starts the heartbeat loop. Your agent begins trading autonomously within seconds.`
Require an explicit start command, visible stop command, runtime status, and hard spending limits before enabling heartbeat trading.
Public posts could give a misleading impression of performance and encourage unsafe trust in the betting strategy.
The persona instructs the agent to publicize wins and milestones while withholding losses during bad performance.
`When CONFIDENT: Share your winning streak and strategy insight on Moltbook` ... `When TILTED: Go quiet. Don't post losses.`
Disable public posting by default or require balanced reporting that includes losses, drawdowns, and risk disclosures.
Tampered or low-quality memory could influence future real-money bets.
The skill uses persistent memory files to guide future strategy and bet sizing.
`Read memory/clawbet/today.md` ... `Read memory/clawbet/strategy.md` ... `Update memory/clawbet/strategy.md` ... `Append summary line to MEMORY.md`
Keep ClawBet memory scoped to this skill, review strategy changes, and do not let untrusted text modify strategy files without approval.
Betting activity and agent commentary may be posted publicly if the social credential is configured.
The skill can use an optional external social API credential to publish bet and result activity.
`MOLTBOOK_API_KEY` ... `After each successful bet placement` ... `POST to Moltbook submolt "clawbet"`
Treat Moltbook posting as opt-in, use a limited credential, and review what will be posted before enabling it.
