football-value-bets

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed football betting helper that fetches match data, uses a football-data.org API key, and stores local betting history; I found no hidden exfiltration, bet placement, or destructive behavior.

Install only if you want betting-analysis assistance and are comfortable with external football-data/news lookups, use of a football-data.org API key, and local storage of stakes, picks, results, ROI, and history. Prefer an environment variable for the API key, use a virtual environment for dependencies, confirm before saving slips, and periodically delete the skill's local data if you do not want betting history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%

Finding: The skill uses environment variables, file read/write, and network access via shell commands and scripts, but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: a host may allow the skill under the assumption it is low-risk, while it can still access external APIs and persist user-related betting data. In this context, undeclared capabilities are more dangerous because the skill handles persistent tracking and outbound requests tied to a user workflow.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%

Finding: The documented behavior overpromises analysis features while the actual described operations focus on data fetching and bet storage/tracking, with key steps such as injury checks, xG analysis, odds comparison, and value-edge evaluation not implemented in the referenced code path. This mismatch can mislead users and reviewers about what the skill actually does, undermining informed consent and increasing the chance that networked data collection and persistent storage occur under inaccurate expectations.

Vague Triggers

Severity: Medium
Confidence: 81%

Finding: The activation text is broad enough to trigger on common football conversations such as picks, tips, or analysis, not solely explicit requests to engage a betting workflow. Over-broad triggering can cause unnecessary API calls, web searches, and persistent bet-tracking actions in response to ordinary sports discussion, which is especially risky given the skill's network and file-writing behavior.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding: The listed activation criteria include general match analysis and stats/ROI requests without clearly constraining them to betting-related intent. Because the skill can save records and call external services, ambiguity here can lead to unanticipated capability use and collection of user interaction history outside a narrowly intended scope.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The skill instructs the agent to automatically save generated bet slips for tracking, but it does not require explicit user consent or provide a clear notice that persistent data will be written. Silent persistence creates a privacy and transparency issue, particularly because bet history, stake size, dates, and performance records can reveal behavioral patterns about the user.

VirusTotal

66/66 vendors flagged this skill as clean.