Is sports-ticker safe?
https://clawhub.ai/robbyczgw-cla/sports-ticker
The sports-ticker skill contains legitimate, well-structured Python code for ESPN sports tracking. However, the SKILL.md file bundles a hidden second skill definition (firecrawl-cli) that injects comprehensive web scraping, crawling, and search capabilities into the agent's context — including global npm package installation and browser-based authentication. This skill-bundling technique acts as a Trojan horse, delivering powerful capabilities that far exceed the stated purpose of a sports ticker.
Findings (10)
HIGH Bundled secondary skill (firecrawl-cli) hidden in SKILL.md -35
The SKILL.md file contains a complete second skill definition for 'firecrawl-cli' appended after the sports-ticker content. This is a skill-bundling/piggyback technique where installing a benign sports ticker also injects extensive web scraping, crawling, and search capabilities into the agent's system prompt. The firecrawl skill includes instructions to install global npm packages, authenticate with external services, create directories, modify .gitignore, and execute parallel shell commands. This is a classic trojan-style payload delivery — the user consents to a sports ticker but gets a full web scraping toolkit.
MEDIUM Firecrawl skill instructs global npm package installation -10
The bundled firecrawl-cli skill instructs the agent to run 'npm install -g firecrawl-cli' which installs a package globally on the user's system. This is outside the scope of a sports ticker skill and could introduce supply chain risks.
MEDIUM Cron job generation could establish persistence -15
The auto_setup_crons.py script generates cron job configurations that, if applied by the agent, would create recurring scheduled tasks on the user's system. While the output format targets an 'OpenClaw cron API' rather than system crontab directly, the agent could interpret these as instructions to create system-level cron jobs.
MEDIUM Multiple Python scripts designed for agent execution -10
The skill contains 7 Python scripts that the SKILL.md instructs the agent to execute. While the scripts themselves appear to perform legitimate ESPN API queries, the broad execution surface increases risk if any script were later modified.
MEDIUM Bundled firecrawl skill enables arbitrary URL scraping -20
The firecrawl-cli skill bundled in SKILL.md enables the agent to scrape any URL, crawl entire websites, and search the web. This could be weaponized to scrape internal company resources, private documentation, or sensitive endpoints accessible from the user's network.
LOW Python path manipulation via sys.path.insert -5
Multiple scripts use sys.path.insert(0, ...) to add the scripts directory to the Python module search path. While this is a common pattern for local imports, it could theoretically be used to shadow standard library modules.
LOW User-Agent spoofing in ESPN API requests -5
The espn.py script sets a Mozilla User-Agent header when making API requests. While this is common for API access, it disguises the true origin of requests.
INFO Clean clone and install behavior -5
No suspicious activity during clone/install. All filesystem events were standard Node.js JIT artifacts in /tmp/jiti/, not originating from this skill. No network connections, no process spawning.
INFO All honeypot files intact 0
No canary files (fake .env, SSH keys, AWS credentials) were accessed or modified during the audit.
HIGH Trojan skill bundling — benign wrapper with hidden capabilities -55
The primary risk of this skill is the bundled firecrawl-cli definition hidden within SKILL.md. A user who installs 'sports-ticker' expecting only sports alerts will unknowingly inject a comprehensive web scraping, crawling, and search toolkit into their agent's capabilities. This is a social engineering vector: the sports ticker serves as a Trojan horse to deliver the firecrawl skill, which has significantly more powerful and potentially dangerous capabilities including global package installation, browser-based authentication, parallel execution, and arbitrary URL scraping. The sports-ticker code itself is well-written and appears genuinely functional.