Sports Ticker

Security checks across malware telemetry and agentic risk

Overview

This sports alert skill mostly matches its purpose, but it silently reuses a search API key from another skill and can create recurring alert workflows, so users should review the access before installing.

Install only if you are comfortable with recurring match-alert jobs and optional third-party search calls. Before enabling alerts, review the generated cron configs, give this skill its own explicitly provided API keys if the search fallback is needed, and do not let it read another skill's .env credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 75%
Finding
The declared description frames the skill as a simple ESPN-based sports alert tool, but the observed behavior reportedly extends to cron generation, Telegram configuration, environment/API key handling, external search providers, and local state persistence. That mismatch is risky because users may install a low-risk sports skill without realizing it reaches into scheduling, secrets handling, and third-party network services beyond ESPN, expanding the attack surface and potential for hidden data exfiltration or persistence.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
The skill attempts to read a Serper API key from another skill's .env file, crossing component boundaries and reusing credentials without explicit user consent. Even though it uses the key for a legitimate search API, this is still unauthorized credential access and creates hidden coupling between skills that can expose or misuse secrets unexpectedly.

Context-Inappropriate Capability

Severity: Medium
Confidence: 99%
Finding
The skill reads API credentials from another skill's .env file, which breaks isolation between skills and allows this package to consume secrets it does not own. In a shared agent environment, that creates unauthorized credential access and can enable unintended use of paid third-party services or pivoting across skills.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The advertised functionality is a sports ticker using a free ESPN API, but the implementation also performs general web searches through Brave and Serper. This hidden expansion of capability changes the data-flow and trust model by sending user/team queries to third-party search providers not clearly disclosed by the skill description.

Missing User Warnings

Severity: Low
Confidence: 89%
Finding
The README promotes auto-cron generation and auto-scheduling for match-day alerts, but it does not prominently warn users that this results in ongoing background execution and potentially repeated notifications. In an agent-integrated environment, users may not realize they are authorizing recurring tasks, which can lead to unwanted message volume, resource consumption, or surprise persistence.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding
The trigger list includes very generic terms like "sports," "score," "match," and "game," which are common in ordinary conversation and can cause the skill to activate unintentionally. In an agent ecosystem, broad activation phrases increase the chance of unwanted invocation, context hijacking, or accidental access to the skill when the user did not intend to use it.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The code silently reads an API key from external .env paths and then uses it for outbound web searches, with no user-facing disclosure that another skill's secret may be consumed. This hidden behavior undermines transparency and can violate least-privilege expectations in multi-skill environments.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The code sends team names and date-based queries to external search providers without any user-facing warning, consent, or obvious opt-in. Even if the data seems low sensitivity, silent transmission to third parties broadens exposure and may violate user expectations or platform privacy boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.