Win Football Predictor

Security checks across malware telemetry and agentic risk

Overview

The skill is a local football predictor, but its claims about historical data, model methods, and backtest accuracy are not supported by the included code.

Review this carefully before installing. Treat it as an entertainment or demo predictor only, not as evidence-backed betting guidance. Ask the publisher for real source data, reproducible backtests, dependency versions, and trained model artifacts before relying on any accuracy or historical-performance claims.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 66% confidence
Finding: The skill is reported to have file-writing capability without declaring any permissions, which creates a transparency and trust problem for users and hosting platforms. Even if the writes are only for predictions or backtest reports, undeclared filesystem access can overwrite local files, leak data into artifacts, or be abused by later code changes because the capability is hidden from reviewers.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 91% confidence
Finding: This is a substantive description-behavior mismatch: the skill claims a historical-data football predictor, but static analysis indicates simulated data generation, undisclosed report export, backtesting, and local file output. That is dangerous because users may make decisions based on false assumptions about data provenance and capability scope, while the undeclared write/export behavior expands the attack surface and can conceal misleading or fabricated outputs.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: The module presents itself as a historical lottery data collector for 500.com, but the implementation generates synthetic periods, teams, match outcomes, odds, and model features instead of retrieving verifiable source data. In a betting-prediction skill, this is dangerous because downstream training, evaluation, or user-facing predictions may be based on fabricated data while appearing authentic, creating integrity, fraud, and decision-risk issues.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The period/team/league generation logic and later simulated features are invented and not tied to actual historical draws or match records, despite comments implying period-based historical data derivation. In this skill context, that can mislead users or models into treating fictional sports and lottery history as real evidence, undermining prediction reliability and possibly concealing data quality issues.

Intent-Code Divergence

Medium

Confidence: 95% confidence
Finding: The module advertises a CatBoost/XGBoost/Dixon-Coles ensemble, but the implementation uses heuristic probability blending and synthetic proxies instead of the named models. This is a software integrity issue because users may rely on claimed model provenance, performance, and methodology that do not actually exist, leading to deceptive outputs and unsafe operational trust in the tool.

Intent-Code Divergence

Medium

Confidence: 97% confidence
Finding: The code comments claim a Dixon-Coles submodel, but `p3 = pi_p` simply reuses Pi-Rating output. This misrepresentation weakens transparency and can mislead users into believing there is model diversity and calibration that is not present, inflating confidence in the prediction engine.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The skill claims coverage of 710 periods and 9,940 historical matches, but this section fabricates match data using pseudorandom generation rather than loading real historical records. In context, this is more dangerous because the skill is explicitly marketed as a predictive model for betting-style decisions, so synthetic data can create false credibility and materially mislead users.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The CLI advertises full backtesting for 2022-2026, but the backtest logic evaluates against self-generated synthetic results, not real outcomes. That makes reported accuracy and distribution metrics fundamentally deceptive, which is especially risky in a gambling/prediction context where users may treat backtest figures as evidence of real-world performance.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal