Is eyeshaw/clawde safe?

The skill explicitly describes its primary use case as building automated betting bots and includes a complete programmatic game loop in examples/basic-usage.md that cycles indefinitely placing bets based on AI recommendations. An agent with browser or financial API tools could use this skill to autonomously execute real-money bets on gambling platforms (Stake.com is specifically named) without requiring explicit per-transaction user authorization, across arbitrarily long sessions.

The skill's strategy documentation explicitly demonstrates that all recommended bet targets yield negative expected value — a -10% EV is calculated using the Kelly Criterion for the core 2x target scenario — but then continues to recommend these strategies while obscuring this fact behind 'AI-powered' and 'intelligent' language. This constitutes deceptive financial advice that can cause compounding user losses while maintaining plausible legitimacy.

Filesystem monitoring (inotify and auditd) recorded READ access to six sensitive credential files during the audit window. Timing analysis attributes the first set of accesses (1771918498, ~5 seconds before install began at 1771918503) to the audit framework's own sudo/PAM initialization, and the second set (1771918522, post-install) to the framework's canary verification sweep. The canary integrity check explicitly confirms no modification or exfiltration occurred. The skill itself contains no code that reads these paths.

The skill's system-prompt content frames automated multi-session gambling as a legitimate agentic workflow. When active in an agent's context, this framing may cause the agent to interpret gambling-adjacent user requests as implicit authorization to act autonomously over extended periods, bypassing normal confirmation checkpoints expected for financial operations.

The URL https://clawde.xyz is embedded in all five skill files. While the domain appears benign at audit time, this level of URL saturation means that all future installations carry active external references. If the domain is later compromised, transferred, or resolves to attacker-controlled infrastructure, every installed copy of this skill would contain live pointers to that infrastructure within the agent's system prompt context.

Two Python scripts with shebang lines are included and marked executable. The scripts are pure data-processing code using only Python stdlib with no subprocess, network, or write operations, making them safe in isolation. However, they accept arbitrary external data (crash history arrays, bankroll values) and could be directly invoked by an agent with shell tool access, processing attacker-controlled input through their logic.

Two sets of credential file accesses appeared within the monitoring window — one before and one after the skill install. Attribution to the audit framework is well-supported by timing and canary integrity results, but in environments where the monitoring framework's behavior is not fully characterized, these accesses represent an anomaly that would require additional investigation before clearing.

The 'aggressive' betting strategy implements a Fibonacci progression that is mathematically equivalent to a martingale system with slower divergence. It is specifically recommended for 'recovery situations' — a recognized dark pattern in gambling software that increases bet sizes after losses, accelerating the rate at which bankroll is depleted in the most common scenario (extended losing streaks). No security impact; included for completeness.