Back to skill

Security audit

yoooclaw-world-cup-post-match-review-scene-en

Security checks across malware telemetry and agentic risk

Overview

The skill is a World Cup match-review helper, but it can read local notification or group-chat content for hot-topic summaries without a clear consent gate or tight app/group scope.

Install only if you are comfortable with the agent using local notification or group-chat snippets to summarize World Cup discussion. Before using hot-topic or full-review modes, explicitly specify which apps/groups and time range may be searched, or avoid notification-based features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description is broad enough to match ordinary sports-summary requests, not just clearly delimited World Cup post-match tasks. That can cause over-invocation of the skill and unexpectedly expose its more sensitive behaviors, including retrieval and processing of local notification content, in contexts where the user did not clearly intend to invoke this specific skill.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger conditions for notification retrieval are overly loose, allowing activation from generic mentions of groups, apps, notifications, or hot discussions. In practice this can cause the skill to access local notification data based on ambiguous user language, which is a privacy-sensitive action and exceeds what many users would reasonably expect from a sports review skill.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill authorizes querying local fan-group and app notifications without a clear upfront privacy notice or explicit consent gate. Because notifications may contain sensitive personal communications, broad retrieval and filtering of them for match discussion creates a meaningful risk of unintended data access, disclosure, and processing beyond the user's informed expectations.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.