ClawHub

Football Data

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed football-data wrapper, with the main caution being that it asks users to install an external Python package before use.

Install only if you are comfortable running the third-party sports-skills Python package. Prefer an isolated virtual environment, review the package or GitHub repository if this will run in a sensitive environment, and avoid relying on the unavailable get_head_to_head command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to install and run external software from PyPI or directly from GitHub before use. That expands the skill from passive football-data retrieval into package installation and command execution, creating supply-chain and arbitrary code execution risk if the package or repository is compromised or if installation occurs in a sensitive environment.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The documentation explicitly prefers invoking the `sports-skills` CLI, which causes the agent to shell out rather than use a constrained internal API. Shell execution increases the attack surface because it can enable command injection, unsafe argument handling, and unintended interaction with the host environment beyond the football-data use case.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation is internally inconsistent: it first presents `get_head_to_head` as a valid command, then later says the command is unavailable and must not be called. In an agent setting, contradictory command guidance can cause tool misuse, failed calls, and unreliable behavior; while this is not direct code execution or data exfiltration, it is a real integrity issue in the skill's operational instructions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal