Polymarket World Cup Delta Pairs

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading skill with mostly disclosed behavior, but it includes an under-disclosed account-status script that reads wallet and position data.

Install only if you are comfortable giving this skill a Simmer API key and allowing explicit live trading. Review scripts/status.py before use, because it can show account-wide balance and positions beyond the narrow World Cup pair strategy. Keep dry-run or sim mode first, avoid --live unless you intend real orders, and avoid --no-safeguards unless you understand the market-context checks it disables.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises no declared permissions while the associated implementation reportedly uses environment access, file read/write, and network capabilities. This reduces transparency and prevents users from making an informed trust decision, especially for a trading skill that may handle API keys, local config, and remote requests.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The declared purpose is narrow pair trading, but the skill also exposes account-status and positions functionality unrelated to core pair discovery/entry. In a financial context, collecting or displaying wallet balance, exposure, and open positions expands access to sensitive account data and creates hidden behavior beyond user expectations.

Description-Behavior Mismatch

High
Confidence
94% confidence
Finding
The script’s functionality is materially different from the declared skill purpose: instead of implementing World Cup delta-pair trading logic, it retrieves generic account portfolio and position data. In an agent-skill context, capability mismatch is dangerous because users may invoke a seemingly narrow trading skill while actually granting access to broader account information, increasing the risk of unintended data exposure and abuse.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code accesses portfolio-wide balance and positions endpoints that are unrelated to the stated pair-trading purpose. In a skill ecosystem, overbroad access is a security issue because it collects sensitive financial account data beyond what is needed, violating least privilege and making accidental disclosure or misuse more likely.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module docstring labels the file as a generic account-status tool, directly conflicting with the skill’s declared World Cup trading purpose. This deceptive or inconsistent presentation increases the chance that reviewers and users misunderstand the true behavior of the skill, which is especially risky when handling authenticated financial data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows a `--live` mode command without a prominent warning that it may place real-money orders. For trading software, this can cause accidental execution by users who copy-paste example commands, leading to unintended financial loss.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill can place real orders when invoked with --live, but there is no explicit confirmation prompt or runtime warning immediately before submitting trades. In an agent or automated execution context, this increases the chance of accidental real-money trading due to operator error, misconfiguration, or unsafe orchestration.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `cooldown_hours`
- `max_pairs_per_run`
- `daily_budget_usd`
- optional safeguards (`--no-safeguards` disables)
Confidence
93% confidence
Finding
--no-safe

VirusTotal

65/65 vendors flagged this skill as clean.
