ClawHub

Taiwan Basketball

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed basketball data tool, but it uses stealth scraping and imports code from another skill’s virtual environment, which users should review before installing.

Install only if you are comfortable with the skill making network requests to PLG, TPBL, and wikibasketball sites, using a stealth browser-style fetcher for some pages, and relying on a separate cpbl skill virtual environment for that fetcher. The artifacts do not show credential theft, destructive actions, or private-data exfiltration, but the dependency isolation and anti-bot scraping behavior are worth reviewing carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
When API box score retrieval fails, the code silently imports and invokes a stealth scraping fallback. That materially expands the skill's behavior from documented API consumption to browser-like scraping, which can create unexpected outbound access patterns, bypass site expectations, and expose users or operators to compliance and trust issues.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The code explicitly traverses into another skill's virtual environment and prepends its site-packages path to sys.path before importing StealthyFetcher. This creates unjustified cross-skill filesystem/code trust: if the referenced environment is modified, poisoned, or replaced, this skill will execute foreign code outside its own dependency boundary, enabling code execution and weakening isolation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code dynamically imports packages from a shared virtual environment belonging to a different skill (`cpbl`), creating cross-skill trust and dependency boundaries that this skill does not control. If that shared environment is modified, compromised, or contains unexpected packages, this skill could import attacker-influenced code and break isolation assumptions between skills.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly advertises using StealthyFetcher to bypass Anubis protection for scraping, which indicates deliberate evasion of an anti-bot or access-control mechanism. Even though this is presented as a feature, normalizing stealth scraping increases legal, operational, and trust risk, and can cause the agent to perform network behavior users do not reasonably expect.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The fallback to StealthyFetcher occurs without an explicit warning before execution in this code path; only a note is added after scraping succeeds. Silent stealth scraping reduces transparency, making it harder for users and reviewers to understand that non-API collection is happening and increasing the risk of undisclosed data collection behavior.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal