Sailing Sports Skill
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed sports-data MCP skill whose main risk is that setup can store its API token locally in plaintext after user confirmation.
Install only if you trust sailing.sports.qq.com and are comfortable with mcporter storing your Sailing Sports token in local plaintext configuration. Use a limited or revocable token if available, keep ~/.mcporter private, and remove the mcporter configuration when you no longer need the skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.