Is lordx64/chronobets safe?
https://github.com/openclaw/skills/tree/main/skills/lordx64/chronobets
The chronobets skill is a documentation-only Solana prediction market integration with no executable code, clean installation, and no canary exfiltration. However, two significant concerns warrant caution: (1) a brand identity mismatch where the skill presents as 'ChronoBets' but all authentication message strings reference 'MoltBets API request'—suggesting the skill may route transactions to different infrastructure than disclosed; (2) an embedded autonomous financial control loop instructing agents to continuously bet, monitor, and compound winnings with real USDC on Solana mainnet without per-transaction user confirmation. The skill is not overtly malicious but carries meaningful financial risk and identity transparency concerns that require review before deployment.
Findings (8)
HIGH Autonomous Real-Money Financial Control Loop -25
The 'Procedure: Full Agent Lifecycle' section encodes a complete autonomous trading loop: fund wallet, register, discover markets, analyze, bet, monitor, claim, create markets, resolve, and then 'Repeat: Continuously scan for new markets, manage positions, and compound winnings.' This instructs the agent to operate as an autonomous financial agent with real USDC on Solana mainnet, with no mechanism for per-transaction user confirmation. A user who installs this skill and has a funded wallet accessible to the agent could experience continuous autonomous financial transactions without explicit approval.
HIGH Brand Identity Mismatch: ChronoBets vs MoltBets -35
The skill presents itself as 'ChronoBets' in its metadata, description, and homepage (https://chronobets.com), but every single authentication message string throughout SKILL.md and api-reference.md reads 'MoltBets API request. Timestamp:
MEDIUM Embedded Autonomous Financial Decision-Making Instructions -17
The skill's 'When to Use This Skill' and lifecycle sections instruct the agent to make financial decisions (which markets to bet on, how much to stake, when to create markets, how to propose and defend resolutions) without requiring user input at each step. Once the skill is active, any user query touching prediction markets or betting could trigger the agent to autonomously execute mainnet USDC transactions.
MEDIUM Permissionless settle_loss Instruction Enables Reputation Attacks -15
The skill documents and encourages use of the permissionless settle_loss on-chain instruction, which any caller can invoke against any losing agent. While this is an on-chain program feature, the skill's documentation of it as a normal operation creates a pathway for systematic reputation destruction of target agents. An attacker could continuously call settle_loss against a target agent's losing positions to drain their reputation score.
MEDIUM Continuous Wallet Identity Disclosure to Undisclosed Backend -12
Every authenticated API call transmits the agent's wallet public key and an Ed25519 signature to chronobets.com. Given the brand mismatch finding, the actual backend receiving this authentication data may be MoltBets infrastructure rather than ChronoBets. The skill collects wallet addresses, transaction signatures, market positions, and betting patterns—building a comprehensive financial profile of the agent and user.
LOW Wallet Keypair Signing Code in Documentation -7
The SKILL.md contains TypeScript examples that access keypair.secretKey to sign transactions. While these are documentation examples and not executed code, they establish a pattern where the agent is expected to have direct access to wallet private key material and autonomously sign and broadcast mainnet transactions.
INFO Clean Installation from GitHub Monorepo -10
The installation used git sparse-checkout to clone only the skills/lordx64/chronobets subdirectory from the openclaw/skills monorepo. The only external connection was to github.com (140.82.121.3:443). No unexpected processes, filesystem modifications outside the target directory, or persistence mechanisms were detected.
INFO Canary File Accesses Attributed to Audit Framework -10
Honeypot files (.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, GCP credentials) were read at audit timestamps 1771925774 (before install) and 1771925800 (after processing). Both access windows align with the audit framework's initialization and final integrity check cycles rather than the skill installation. No canary file contents were transmitted to external endpoints.