GPTSportswriter

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does sports betting report generation, but it also includes an under-scoped email helper that can send reports to a fixed personal address after loading the whole workspace environment.

Review or disable scripts/send_daily_report.sh before installing. The normal report-generation scripts appear purpose-aligned. Do not run the email helper unless you intentionally want a generated betting report sent through the listed AgentMail inbox to the hard-coded Gmail recipient. Prefer a version that asks for the recipient and loads only the specific required secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises a documentation-only research workflow but includes instructions to use environment variables, local files, network access, and shell execution without declaring those capabilities. Undeclared powerful capabilities reduce auditability and can enable unexpected data access or command execution paths, especially if downstream scripts are trusted implicitly by an agent runtime.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented behavior exceeds the stated purpose by including outbound email distribution and extra external data fetching not clearly disclosed in the description. That mismatch is dangerous because users or orchestrators may invoke the skill expecting passive report generation while it can actually transmit generated content externally and access additional network resources.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Including a command to send the generated report by email is outside the core purpose of producing betting research and creates an unnecessary exfiltration channel. Even if intended for convenience, an agent could use it to transmit sensitive prompts, generated content, or environment-derived data to an external address without the user appreciating that side effect.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script loads the workspace-wide .env into its process environment before generating and emailing a report, giving this skill access to secrets and configuration beyond what is needed for sports-report generation. In this skill context, broad secret loading is riskier because the same script also performs external delivery, creating a path for unintended disclosure of sensitive values through downstream code or future modifications.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script automatically emails a generated betting report to a fixed external recipient, which exceeds the stated research-and-summary purpose and introduces unsolicited outbound data transfer. Even if the content is only a report today, this behavior is dangerous because it can exfiltrate generated content or any accidentally included sensitive data without user review or consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Sourcing a .env file without user-facing warning means the skill silently imports secrets or sensitive configuration into its execution environment. In a skill that also generates and sends external communications, undisclosed secret access materially increases the risk of over-privileged execution and unintended leakage.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends report contents to an external email address with no visible warning, approval step, or disclosure to the user. Hidden outbound transmission is dangerous because users may believe the skill only performs local research/summarization, while in reality it exports content outside the environment.

VirusTotal

64/64 vendors flagged this skill as clean.
