Liquipedia Overwatch

Security checks across malware telemetry and agentic risk

Overview

This Overwatch data skill is mostly purpose-aligned, but its cache helper can write outside the intended cache folder if given a crafted ID.

Install only if you are comfortable with public esports scraping, third-party fallback searches, and local caching. Avoid using this in shared or sensitive workspaces until the cache manager validates IDs and guarantees all writes stay under /workspace/liquipedia-cache; treat Reddit/search fallback content as untrusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The declared purpose says this is a Liquipedia Overwatch query skill, but the documented behavior also performs persistent local writes, cache indexing, full-text cache querying, auxiliary script execution, and analysis generation. This mismatch is dangerous because operators or policy systems may grant or trust the skill based on a narrower description, while the real behavior has materially broader capabilities and data-handling scope.

Description-Behavior Mismatch

Medium
Confidence
86% confidence
Finding
The manifest presents a simple data-query skill, but the body describes writing caches, generating analysis artifacts, and running auxiliary local scripts. Security review and permissioning depend on accurate disclosure, so under-describing these behaviors can lead to excessive trust and unintended access to the local environment.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is framed as Liquipedia-specific, but the workflow substantially expands into OWTV.gg, search engines, Reddit, and egamersworld. That broader external dependency surface increases privacy, integrity, and policy risk because data may come from less authoritative or less trusted sources than users expect.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The documented fallback workflow includes generalized web search and third-party content acquisition that exceed the stated Liquipedia-only query purpose. This is risky because open-ended search expands the attack surface to untrusted pages, increases prompt-injection exposure, and may pull in inaccurate or manipulated content during execution.

VirusTotal

64/64 vendors flagged this skill as clean.
