NBA Tracker

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly an NBA viewing/tracking helper, but it also documents a local Apple Calendar write path that is not clearly framed as a persistent, user-approved change.

Install only if you are comfortable with the agent potentially creating Apple Calendar events when using that helper. Treat any calendar write as opt-in: ask for a preview first, confirm the exact event details, and consider pinning dependencies before installing in a sensitive environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The documented calendar helper executes local AppleScript through osascript, a state-changing capability on the host that can modify the user's calendar data. Although the sample appears intended for convenience rather than abuse, it normalizes shelling out to a powerful local automation interface without clear trust boundaries, input validation, or an explicit warning that it will create persistent local events.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The skill claims it is designed for viewing purposes, but later includes functionality that writes to Apple Calendar. This mismatch can mislead users or downstream agents into treating the skill as read-only when it actually performs local side effects, increasing the chance of unintended execution of modifying actions.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The calendar-writing example modifies user data by creating events, yet it lacks an explicit warning, consent flow, or confirmation requirement. In agent settings, undocumented side effects are dangerous because users may expect informational output but instead trigger persistent changes to local applications and personal calendar data.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
# NBA Tracker Skill dependencies

nba_api>=1.4.1
pandas>=2.0.0
Confidence: 91%
Finding: nba_api>=1.4.1

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
# NBA Tracker Skill dependencies

nba_api>=1.4.1
pandas>=2.0.0
Confidence: 95%
Finding: pandas>=2.0.0

VirusTotal

62/62 vendors flagged this skill as clean.
