GridIron Nation

Bring the GridIron Nation college-football look to your community. Applies a crimson skin site-wide and adds two sidebar widgets: a Live Scores ticker that auto-scrolls the day's NCAA scoreboard from ESPN (winning teams highlighted, live games flagged with a pulsing dot), and a Top Recruits widget listing the highest-rated FBS recruits (rank, stars, position, committed school — pairs with the free Recruiting extension). The crimson theme is one toggle; fine-tune every color in the Convoro theme editor.

AI security review

Reviewed safe · 95/100
A college-football themed extension with two sidebar widgets backed by a cached server-side proxy of ESPN's public scoreboard API. No SQL, no dynamic includes, no shell execution; admin actions are properly gated and the ESPN URL is a hardcoded constant.
  • low · Outbound HTTP to ESPN — Extension.php fetchAndNormalize() calls Http::get() against a fixed hardcoded ESPN URL constant (no user-controlled target), with an 8s timeout and 60s cache. Not an SSRF vector since the URL is not influenced by request input; noted only for completeness.
  • low · Third-party logo/photo URLs rendered — forum.js sets img.src / background-image from ESPN- and Recruiting-sourced URLs; both client (safeUrl) and server (Extension::safeUrl) restrict to http(s) schemes and quotes are escaped before CSS url() injection, mitigating CSS/JS injection. Low residual risk from trusting third-party feed content.

Automated review of v1.3.1 by claude-opus-4-8 1 week ago. This is an automated signal to aid your judgment — not a guarantee.