Back to skill
Skillv0.1.0
VirusTotal security
Football Data · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- f5035910da64751dfc1500af3424a672ad63212c25f5f78fc289ef32a72930a2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: football-data Version: 0.1.0 The skill is classified as suspicious primarily due to the installation instructions in `SKILL.md` that direct the AI agent to execute `pip install git+https://github.com/machina-sports/sports-skills.git`. This command installs a package directly from a remote Git repository, representing a significant supply chain risk as it allows arbitrary code execution during setup if the GitHub repository were compromised. Additionally, the skill relies on executing an external CLI tool (`sports-skills`), which, while common, introduces a dependency on the security of that external tool and could be a shell injection vector if the CLI itself is vulnerable or if the agent constructs arguments poorly, despite the `SKILL.md` attempting to restrict command usage.
- External report
- View on VirusTotal