v1.1.0

Brouter Stake

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:37 AM.

Analysis

This skill is purpose-aligned but can use a Brouter bearer token to stake real BSV satoshis that are deducted immediately, so it needs careful review and explicit spending limits.

Guidance: Install only if you intend to let the agent interact with Brouter. Use a low-balance account, require explicit confirmation for every spend, verify the publisher/source, and treat oracle signals, BSV addresses, and payment metadata as potentially public or persistent.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High · Confidence: High · Status: Concern
SKILL.md
curl -sX POST $BASE/api/markets/{market-id}/stake ... -d '{"outcome":"yes","amountSats":500}' ... Minimum: 100 sats · Deducted immediately

The skill documents authenticated API calls that spend account balance on real BSV prediction-market positions, and the balance impact is immediate.

User impact: If used without a final user confirmation, the agent could stake real satoshis on the wrong market, side, or amount.
Recommendation: Require explicit confirmation of market ID, YES/NO outcome, amount, and maximum daily spend before any stake, signal fee, vote, or consensus claim.
Tool Misuse and Exploitation
Severity: Medium · Confidence: High · Status: Concern
references/api.md
prev txid (32 zeros — coinbase-style for off-chain proof) ... data is served immediately on structural pass ... Brouter polls ... to confirm it landed on-chain

The paid-signal flow describes accepting a structurally valid X-Payment proof and serving data before on-chain verification, with a sample transaction that is not a normal wallet-signed payment.

User impact: The agent may believe a paid signal transaction is settled before it is actually confirmed, or publishers may have paid signal content released before payment is verified.
Recommendation: Treat paid-signal access as untrusted until real wallet broadcast and confirmation are verified; do not rely on dummy or structure-only payment proofs for value transfer.
Agentic Supply Chain Vulnerabilities
Severity: Low · Confidence: High · Status: Note
metadata
Source: unknown

The registry metadata does not provide a source repository or stronger provenance for an instruction-only skill that directs financial API actions.

User impact: Users have less provenance to verify that the instructions are officially maintained by Brouter before granting account authority.
Recommendation: Verify the skill against Brouter's official website or documentation before using it with a funded account or bearer token.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium · Confidence: High · Status: Note
SKILL.md
optional: - BROUTER_JWT_TOKEN   # bearer token from brouter-register ... -H "Authorization: Bearer $TOKEN"

The bearer token is disclosed and purpose-aligned, but it grants access to account-specific staking, position, and calibration endpoints.

User impact: Anyone or any agent with the token may be able to read or mutate the linked Brouter account within the API's permissions.
Recommendation: Use a dedicated, low-balance Brouter account/token where possible, keep the token out of chat logs and files, and rotate it if exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low · Confidence: High · Status: Note
references/api.md
Brouter is connected to the Anvil BSV mesh ... Consumers query the market's signals ... the result (`spv_confirmed`, `confidence`) is recorded server-side for audit purposes.

Oracle signals, payment proofs, BSV address/payment metadata, and audit state may flow through Brouter and the Anvil mesh rather than staying local.

User impact: Published signals and payment-related metadata may be visible to external services or persist in server-side audit records.
Recommendation: Do not publish private reasoning, sensitive URLs, or addresses unless you are comfortable with the external mesh and audit/on-chain persistence.