Back to skill

Security audit

OpenFootball World Cup

Security checks across malware telemetry and agentic risk

Overview

The skill mainly reads a public World Cup dataset, but its fallback setup tells the agent to install and authenticate a CLI in ways that are broader than the read-only purpose needs.

Install only if you are comfortable using OOMOL's `oo` CLI for this dataset. Prefer having the CLI already installed and signed in; do not let an agent run the remote installer or login flow automatically unless you have reviewed the command and explicitly approved that local setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is presented as a read-only data access skill, but it authorizes executing installation and authentication commands in Bash. That expands the trust boundary from passive data retrieval to local system modification and account-affecting actions, which can mislead an agent or user into running unnecessary side-effecting commands.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill includes remote shell installation commands (`curl ... | bash` / PowerShell `iex`) even though its purpose is only to read a public dataset. This creates an unnecessary remote code execution path on the host, and an agent following the instructions could install arbitrary code from the network without strong justification.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The safety section reassures that untagged actions are safe reads, but elsewhere the skill permits side-effecting commands like CLI installation and authentication. This contradictory guidance can cause an agent to over-trust the skill and perform local system changes or account actions under the assumption that the workflow is read-only.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger scope says to use this skill for ANY OpenFootball World Cup request, which is overly broad and encourages automatic invocation without checking whether simpler or safer methods are more appropriate. In combination with Bash tool access and setup instructions, broad activation increases the chance of unnecessary command execution on unrelated or low-risk requests.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.