World Cup Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a mostly transparent World Cup prediction API client, but users should verify the provider's quota and retraining claims before relying on them.

Install only if you are comfortable sending requested team matchups and API-key traffic to the provider at jiajielitong.com. Treat the predictions as statistical reference, not betting advice, and verify the provider's quota, repeat-query, account-registration, and retraining claims directly with the service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The skill's public description narrows scope to national-team World Cup analysis, but the body authorizes broader behavior including automatic API-key acquisition, quota/account onboarding, fuzzy team validation, and a reserved club-football mode. This mismatch can mislead users and reviewers about what external services are contacted and what account-linked actions occur, increasing the risk of unintended data exposure, unreviewed network interactions, and policy bypass through undocumented functionality.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The eval file requires the skill to discuss quota limits, temporary keys, credits, registration, and backend/model-marketing details that are outside the manifest’s stated purpose of match prediction and compliance-safe statistical output. This creates scope drift and can pressure the agent into collecting or promoting account/onboarding flows not disclosed to users, increasing the risk of deceptive behavior, hidden commercial routing, or unsafe prompt coupling between prediction and monetization logic.

Description-Behavior Mismatch

Low
Confidence
88% confidence
Finding
The eval mandates inclusion of a specific external website in user-facing quota-limit messaging even though the manifest does not disclose any external destination or affiliated service. Hard-coding an undisclosed link into responses can be used for covert traffic steering, affiliate promotion, or phishing-style redirection, especially when users believe they are interacting only with a prediction skill.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The instruction tells the agent to claim that completed match results have been used to retrain the backend model, but the file only defines reference-checking and response behavior and provides no actual retraining mechanism. This creates a misleading statement about system capabilities and data handling, which can deceive users about how their interaction affects the model.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The client explicitly supports the "england-premium" competition even though the skill metadata says it predicts international football between national teams. This scope mismatch can bypass policy, user expectations, or platform controls that rely on the manifest, enabling use of the skill for unsupported content.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The onboarding text promises that repeating the same fixture within 3 days does not consume credits, but the actual prediction cache TTL is only 6 hours. This is a trust and billing-integrity issue: users may rely on a false quota representation and unexpectedly consume credits after the shorter window.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The formatted quota note repeats an unsupported claim that identical fixtures are free for 3 days, while the code only caches predictions for 6 hours. Repeating the incorrect statement in normal output increases the chance of misleading users and causing unexpected quota depletion or disputes.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly states that the skill sends requests to a third-party remote API and may obtain temporary keys, but it does not clearly warn users that their prompts, team selections, IP-derived temp-key requests, and possibly metadata will be transmitted off-platform. In an agent-skill context, missing disclosure can cause unintended sharing of user data with an external service and prevents informed consent.

Natural-Language Policy Violations

Medium
Confidence
97% confidence
Finding
This is an unsupported policy instruction that directs the agent to present a fabricated operational fact as true. Even though it is not a code-execution issue, it is a security and trust concern because the skill is instructing the model to misrepresent backend behavior to users.

VirusTotal

65/65 vendors flagged this skill as clean.
