Polymarket World Cup Group Favorites Repricing

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed prediction-market trading skill that uses a Simmer API key for market scans, position checks, and user-invoked live trades, with no evidence of hidden exfiltration or automatic installation-time execution.

Install only if you are comfortable giving this skill a Simmer API key and allowing live prediction-market trades when you run --live. Review manage_exits before the knockout date because a live run can sell matching World Cup outright YES positions, and avoid --no-safeguards unless you understand which context checks it skips.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises trading behavior but declares no permissions despite requiring environment, file, and network capabilities. This creates hidden trust assumptions for operators and makes it harder to review or sandbox the skill appropriately, increasing the chance of unintended secret exposure, filesystem access, or external communications.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The documented strategy is narrowly about World Cup market entries/exits, but the detected behavior also accesses account-level portfolio data and prints positions/PnL through separate status functionality. That mismatch is dangerous because users may authorize the skill for market execution without realizing it also inspects broader account information, expanding data exposure beyond the stated purpose.

Description-Behavior Mismatch

High
Confidence
92% confidence
Finding
The file implements a generic account-status viewer rather than functionality related to the declared World Cup favorites repricing strategy. This mismatch is dangerous because users may grant API credentials and run the skill under false pretenses, creating an opportunity for credential exposure, unauthorized account reconnaissance, or deceptive packaging of unrelated behavior.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The module docstring and CLI description present the script as a generic Simmer account-status tool, which contradicts the skill's declared trading-strategy purpose. While not directly exploitable on its own, this inconsistency increases deception risk and can mislead operators into running code with elevated trust or sensitive credentials for reasons unrelated to the advertised skill.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill can place live buy orders and automatically sell existing positions when invoked with --live or --positions, without any interactive confirmation or dry-run gating beyond command-line flags. In an agent or automation context, this raises the risk of unintended real-money trades or liquidations from misconfiguration, accidental invocation, or prompt/tool misuse.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
- `cooldown_hours`
- `max_trades_per_run`
- `daily_budget_usd`
- optional safeguards (`--no-safeguards` disables)
Confidence
88% confidence
Finding
--no-safe

VirusTotal

65/65 vendors flagged this skill as clean.
