ClawHub

BallBall

Security checks across malware telemetry and agentic risk

Overview

This football betting skill is not malware, but it automatically stores betting predictions and self-updating model state in persistent local memory without clear opt-in or reset controls.

Review before installing. Use it only if you are comfortable with an agent visiting third-party odds pages and saving your betting-analysis history and model updates locally. Consider instructing the agent to ask before any memory write, and do not rely on its betting output as guaranteed financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The framework requires persistent archiving of every prediction to a user-local file under the home directory, even though this storage behavior is not necessary to produce a prediction and is not clearly disclosed in the skill description. This creates an unnecessary data-retention surface and can expose user activity, betting interests, and derived analysis history to later unintended access or reuse.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The documented workflow instructs the agent to write prediction history into ~/.hermes/workspace/memory/football-match-history.md, which is a durable user-local memory location unrelated to the core prediction task. Writing to long-term memory without strong necessity increases privacy risk, creates silent profiling of user behavior, and may persist data beyond the user's expectations.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The file explicitly instructs the skill to persist learned betting-analysis framework data and match history into local memory files across sessions, but this storage behavior is not disclosed in the skill description. Undisclosed persistence is a security and privacy issue because it creates hidden state, may retain user-provided inputs indefinitely, and can influence future outputs in ways the user did not knowingly authorize.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger conditions are broad enough to activate on ordinary football-related conversation, which can cause the skill to run unexpectedly and initiate web scraping or analysis without clear user intent. In this skill, unintended activation is more dangerous because activation leads directly into data collection and persistence workflows, increasing the chance of unwanted network access and side effects.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill mandates writing match details and recommendations into a persistent cross-session memory file without clearly warning the user or obtaining consent. Persistent storage creates a retention and disclosure channel, and mandatory writes make the side effect unavoidable even for users who only wanted a one-off analysis.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill describes automatic persistence of framework updates and cross-session learning without privacy, integrity, or poisoning safeguards. This is dangerous because stored model state and history can be influenced by untrusted inputs over time, leading to silent retention of user-derived data and potentially corrupted future recommendations.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The description explicitly promises automatic scraping of third-party sports data and betting recommendations, but it does not disclose expected network activity, external data access, or operational/legal risks to users. In an agent skill, hidden or under-disclosed network behavior is security-relevant because users may trigger outbound requests to external sites without informed consent, and the betting context increases sensitivity due to possible financial harm from opaque automation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill mandates appending prediction details to a persistent file without warning the user that their requests and analysis outputs will be stored locally. Undisclosed logging is dangerous because users may reveal habits, preferences, schedules, or other sensitive context, and the retained file can later be accessed by other tools or people with local access.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown directs the skill to write framework updates and match history to user memory files without any warning or consent flow. Writing persistent data into user-associated storage without disclosure is dangerous because it can silently accumulate behavioral history, preserve potentially sensitive user inputs, and create non-obvious cross-session tracking.

Ssd 3

Medium
Confidence
97% confidence
Finding
Forcing the agent to append match details, betting recommendations, and predicted scores to a shared memory file creates a natural-language data retention channel that can leak information across sessions or tasks. In skill contexts, cross-session memory files are especially sensitive because later prompts or skills may read and repurpose stored content without the original user's awareness.

Ssd 3

Medium
Confidence
96% confidence
Finding
The mandatory archival step establishes a built-in natural-language logging mechanism that records every prediction and supporting context into long-term memory. Even if the content seems non-sensitive, systematic retention can accumulate behavioral data over time and becomes a reusable surveillance or profiling artifact if accessed later.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal