Sports Odds Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a simple sports-odds helper that discloses its use of The Odds API and does not show hidden or unsafe behavior.

Before installing, be comfortable providing a The Odds API key and allowing the agent to send requested sports, markets, and lookup parameters to The Odds API. Use a dedicated API key and monitor quota or billing, but the reviewed artifact does not show hidden persistence, destructive behavior, or unrelated data access.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 94% confidence
Finding: The manifest declares an API credential and the skill sends requests to a third-party service, but the skill does not clearly warn the user that their requests and API-backed lookups will be transmitted to The Odds API. This is a real transparency/privacy issue rather than an exploit primitive; it becomes relevant because users may assume the skill operates locally while it actually depends on an external provider.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal