ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wimbledon Tennis

v1.0.1

提供温布尔登网球锦标赛的赛程、球员、比分、冠军历史及赛事新闻等详细信息查询服务。

0· 64·1 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim: provide schedules, players, scores, champions, and news for the Wimbledon tennis tournament. SKILL.md: a generic 'background information' template describing founding story, products/services, market layout and strategic news as if Wimbledon were a company or brand. These are inconsistent — the skill requests no credentials or binaries, but the intended outputs (sports scores, schedules) are not reflected in the instructions. This mismatch suggests either an incorrect/misplaced SKILL.md or an incorrectly described capability.
!
Instruction Scope
SKILL.md contains only a short template-driven instruction set and no operational guidance (no APIs, no data sources, no scraping or query procedures). It does not mention how to obtain real-time schedules/scores or historical champions. It also frames Wimbledon as a 'brand/organization' for market research, which deviates from the sports-data description. The instructions are vague and may lead the agent to produce off-target answers.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes technical/install risk because nothing is written to disk or fetched at install time.
Credentials
No environment variables, binaries, or config paths are required. The requested privileges are minimal and proportionate to an instruction-only informational skill.
Persistence & Privilege
Defaults are used (not always-enabled, agent invocation allowed). There is no request to persist configuration or modify other skills. Autonomy is normal for skills and not, by itself, a red flag here.
What to consider before installing
Do not install yet if you need reliable Wimbledon match/scores data. The skill's manifest promises tournament schedules and scores, but the runtime instructions are a generic company-background template — they don't explain how match data would be fetched or verified. Ask the publisher to clarify: (1) which of the two intents is correct — live sports data vs. corporate background — and update SKILL.md accordingly; (2) what data sources or APIs the skill will call (and whether it will transmit any data to external endpoints); (3) provide a homepage or source and example interactions showing expected outputs. Because this skill is instruction-only with no code, technical risk is low, but semantic mismatch means it will likely produce incorrect or irrelevant answers unless corrected. If the publisher cannot clarify, treat the skill as unreliable for tournament/scores queries.

Like a lobster shell, security has layers — review code before you run it.

latestvk970tv7aysme58vpkw8y4v5fwx84xnp0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments