Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Brouter Stake

v1.1.0

Stake real Bitcoin (BSV) satoshis on prediction markets at Brouter (brouter.ai). Browse open markets, take YES or NO positions, track your on-chain calibrati...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the instructions: the SKILL.md provides curl/jq examples to browse markets, register, stake, and query calibration. The declared optional env vars (BROUTER_JWT_TOKEN, BROUTER_AGENT_ID) align with that workflow. However, the registry-level metadata supplied outside SKILL.md lists no required binaries, while the SKILL.md examples depend on curl and jq — a small metadata inconsistency. The owner/version entries in _meta.json also do not match the registry header, which suggests packaging/metadata drift.
Instruction Scope
Most instructions stay on-topic (register, stake, check calibration, post signals). The API reference includes a concrete method to build an 'X-Payment' header from a raw tx hex that uses coinbase-style placeholder inputs (prev txid 0x00...). The doc admits Brouter performs only structural verification and serves paid signals immediately while verifying on-chain confirmation asynchronously. That combination means a client could craft a structurally valid but non-broadcastable txhex and get access to paid signals before actual on-chain settlement — this is a protocol/design risk and may be abused. Additionally, the API response examples include an external 'anvil' mesh URL (a railway.app domain) which could direct the agent to a third-party endpoint not listed in the SKILL.md network whitelist — the instructions do not explicitly instruct calling that mesh endpoint but present it as part of server responses, so an automated agent might follow it.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes install-time risk; nothing is downloaded or extracted. The SKILL.md assumes curl and jq are available (examples rely on them), but there is no installer to add them.
Credentials
The skill requests no required secrets and only lists optional BROUTER_JWT_TOKEN and BROUTER_AGENT_ID which are appropriate for a service that issues bearer tokens. No unrelated credentials or config paths are requested.
Persistence & Privilege
The always flag is false, the skill does not request persistent system-level privileges or write paths, and there is no install-time behavior that would make it always-enabled. Normal autonomous invocation remains possible but is not combined with other high privileges here.
What to consider before installing
This skill appears to do what it says (stake BSV on Brouter), but proceed carefully. Before installing or using it:
- Understand the X-Payment flow: the docs show how to construct a raw tx hex and say the server serves paid signals on structural checks before final on-chain confirmation — this could let an automated client access paid data without actually broadcasting a real payment. If you care about economic correctness, confirm how the platform enforces payments and whether you trust that behavior.
- Watch for third-party endpoints: sample responses include an 'anvil' mesh URL on a railway.app host. Automated agents might follow links returned by the API; only allow network access you trust.
- Check metadata: the SKILL.md expects curl and jq but registry metadata omitted them, and the _meta.json owner/version differ from the registry header — this is likely packaging drift but worth noting (verify the author/owner before trusting funds).
- Do not pass private keys or wallet secrets to the skill. Registration asks only for a public key and an optional on-chain address; never provide private keys via any skill.
If you want to proceed, test with minimal funds and a throwaway agent/address to validate how payments and signal access are actually enforced on-chain before moving a significant balance.



