ClawHub

Polymarket World Cup Player Goal Value

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading skill, but its live financial authority has enough scope and execution ambiguity that users should review it carefully before installing.

Install only if you are comfortable granting a Simmer API key to a skill that can place live trades. Start in dry-run or sim, keep budgets low, and prefer live polymarket mode if you expect priced GTC limit orders; review or modify the code before using kalshi/live or before allowing non-World-Cup player-goal markets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill describes behavior that requires network access, filesystem reads/writes, and likely environment variable use, but it does not declare permissions. This creates a transparency and policy-enforcement gap: a host may not correctly scope or review what the skill can access before execution, increasing the chance of over-privileged operation in a live trading context.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The discovery and filtering logic is broader than the stated World Cup-specific scope, so the skill can trade league, season, or generic player-goal markets. In an autonomous trading context, scope drift is dangerous because users may authorize a narrowly themed strategy but the code executes materially different trades.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill promises patient limit-order execution, but on non-Polymarket venues it omits price and order type, effectively allowing immediate market-style execution depending on SDK behavior. That mismatch can cause worse fills, bypass intended slippage discipline, and expose users to unintended execution risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal