World Cup 2026

Security checks across malware telemetry and agentic risk

Overview

This is a sports schedule and prediction helper with local data files; its limited write behavior is disclosed and user-triggered, not hidden or destructive.

Install only if you want a local World Cup assistant and are comfortable with it reading bundled sports data and, when explicitly asked, updating its bundled schedule, odds, or ranking JSON files. Treat predictions, odds, rankings, and match data as unofficial unless you verify them against current sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The skill advertises itself as a pure text output assistant, but later instructs the agent to write back to local JSON files. That capability mismatch can mislead reviewers and users about side effects, increasing the chance that local data is modified without informed consent or proper authorization checks.

Description-Behavior Mismatch

Medium
Confidence
81% confidence
Finding
The skill advertises itself as a pure text output assistant, but later instructs the agent to write back to local JSON files. That capability mismatch can mislead reviewers and users about side effects, increasing the chance that local data is modified without informed consent or proper authorization checks.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documentation authorizes modifying local data files (`matches.json`, `teams.json`) in response to user prompts, even though the skill’s purpose is only to help users view schedules and odds. Unnecessary write access expands the attack surface: a malicious or confused user could poison future outputs, corrupt local state, or abuse the agent as a file editor.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The file presents itself as authoritative 2026 World Cup schedule data, but the metadata and participant structure appear internally inconsistent with the described tournament. In a sports-assistant skill, inaccurate 'authoritative' data can directly mislead users, produce false schedules or recommendations, and undermine downstream logic that depends on group composition and bracket format.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The trigger keywords are broad enough to activate on ordinary sports discussion, which can cause unintended skill invocation and response hijacking within a chat. In this context the impact is limited because the skill is text-only and sports-focused, but it can still degrade user control and cause misleading or unwanted outputs.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad triggers such as generic terms for schedules, knockout rounds, or who-plays-who create a high risk of accidental activation during ordinary conversation. Unintended activation can cause the skill to take over irrelevant chats, misroute user intent, or invoke downstream behaviors like data handling when the user did not mean to use this skill.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The intent-routing rules are ambiguous and overlapping, especially for phrases like ‘XX 比赛’ or predictive questions that may collide with team, schedule, and match-analysis modes. Ambiguity increases the likelihood of the agent choosing the wrong mode and performing unintended processing, which is more concerning here because the skill also documents state-changing update behaviors elsewhere.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the agent to modify local data files without any user-facing warning, confirmation, or safety boundary. Silent persistence is dangerous because users may think they are only asking for analysis while actually causing durable state changes that affect future sessions and outputs.

VirusTotal

64/64 vendors flagged this skill as clean.
