Back to skill

Security audit

yoooclaw-world-cup-match-talk-scene-en

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with generating World Cup conversation content, but it can broadly read recent mobile notifications and uses an unsafe web-crawling script, so it needs review before installation.

Install only if you are comfortable with the skill querying recent mobile notifications when notification or fan-group context is requested. Prefer providing an explicit notification file or tightly scoped groups, apps, keywords, and time ranges, and treat public-source crawl results as advisory because the bundled crawler disables HTTPS verification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to use network access and to write crawl output to a local JSON file, yet no permissions are declared. That creates an authorization and transparency gap: users and hosting systems cannot accurately assess or constrain what the skill is allowed to access or persist.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented purpose is a fan-facing conversation generator with optional notification lookup, but the behavior includes broader scraping, source classification, and local report generation that are not clearly disclosed. Description-behavior mismatch is dangerous because it undermines informed consent and can hide materially different data collection, storage, or execution paths from reviewers and users.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The template explicitly encourages extracting conversation topics from a user's mobile phone notifications and fan-group activity, but it does not present any clear user-facing consent, minimization, or privacy warning in the template itself. Because notification content can include personal, behavioral, and social-graph data, using it to generate talking points creates a real privacy risk if users are unaware that private notifications may be analyzed or repurposed.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code explicitly creates an unverified SSL context with ssl._create_unverified_context() and uses it for all HTTPS requests, disabling certificate validation. This allows a man-in-the-middle attacker on the network path to intercept or modify fetched search results and article content, which is especially relevant because the script consumes remote content and emits normalized JSON that may be trusted downstream.

Ssd 3

Medium
Confidence
95% confidence
Finding
The instruction to query recent notifications without limiting group or app scope can collect unrelated personal data far beyond the match context. Notifications often contain sensitive content from messaging, finance, health, work, and personal apps, so broad default collection creates an unnecessary privacy exposure even if later filtering is attempted.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.insecure_tls_verification

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
scripts/probe_cn_football_sources.py:195