ClawHub

Wm Tipp

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed World Cup tip script that fetches public odds, caches them locally, and sends messages only to user-configured Telegram recipients.

Install only if you intend to send scheduled World Cup tip messages. Review the Telegram chat IDs before running it, use a trusted local or HTTPS Telegram gateway, avoid exposing the environment variables, and do not override WM_SKILL_DIR unless you understand where the cache file will be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'CACHE_FILE' from os.environ.get (line 18, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
return {"fetched_at": None, "markets": {}}

def save_cache(cache):
    with open(CACHE_FILE, "w") as f:
        json.dump(cache, f, indent=2)

def is_cache_valid(cache):
Confidence
89% confidence
Finding
with open(CACHE_FILE, "w") as f:

Tainted flow: 'req' from os.environ.get (line 78, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req = urllib.request.Request(url, data=data, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status == 200
    except Exception as e:
        print(f"Telegram error: {e}", file=sys.stderr)
Confidence
98% confidence
Finding
with urllib.request.urlopen(req, timeout=10) as resp:

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The markdown states that the skill sends tips to Telegram recipients but does not warn users that content and recipient identifiers will be transmitted to an outbound messaging service. This can lead to unintended disclosure or misuse if users configure the wrong recipients or do not realize the skill performs external delivery on a schedule.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to set a Telegram API endpoint and recipient chat IDs in environment variables without any warning that these values are sensitive operational configuration. If mishandled, these settings can expose internal service endpoints, leak recipient identifiers, or enable unauthorized message routing through a misconfigured or attacker-controlled gateway.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The description advertises 'Automatische Daily-Tipps an Telegram' without stating what event, consent flow, or scheduling constraints trigger those outbound messages. Broad auto-invocation wording can cause unexpected autonomous behavior, including unsolicited messaging or repeated execution beyond user intent, which increases abuse and privacy risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal