Polymarket

Security checks across malware telemetry and agentic risk

Overview

This Polymarket skill is coherent for market lookups, but it also documents wallet-enabled trading and private-key setup without enough safeguards, so it needs review before use.

Use this skill in read-only mode for Polymarket searches, prices, and order books. Do not install the optional trading dependency or provide POLYMARKET_PRIVATE_KEY unless you intentionally want the agent to place or cancel orders, and require explicit confirmation for each market, side, amount, price, and order type.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The documentation expands the skill from information retrieval into transactional trading behavior, which materially changes the security profile. In an agent setting, undocumented or under-declared action capability can lead to unsafe tool selection, over-privileged deployment, or unintended financial operations.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
Documenting private-key wallet configuration in a skill intended for odds queries normalizes introducing a high-value secret into a low-risk workflow. If an agent environment follows this guidance, wallet credentials could be stored insecurely, leaked through logs, or made available to components that do not need them.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding
The documentation expands a read-oriented sports odds skill into trading operations that require a wallet private key, which materially exceeds the stated no-auth market-data use case. Even if no executable trading path is shown here, normalizing private-key-based trading inside the skill creates scope creep and increases the risk that users or downstream agents expose sensitive credentials or attempt financial actions through a skill intended only for lookup.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
Including trading capability in a sports prediction-market lookup skill is context-inappropriate because users and orchestrators will reasonably assume the skill is informational, not transactional. That mismatch can lead to unsafe agent behavior, accidental order placement workflows, or misuse of sensitive wallet material in a context where strong safeguards are not expected.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The instructions tell users to export a Polymarket private key without any warning about secret handling, which increases the chance of accidental exposure via shell history, process listings, screenshots, shared terminals, or logs. In an agent ecosystem, normalizing raw secret entry is particularly risky because prompts and command traces may be retained.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
Mentioning wallet-private-key-based trading without prominently warning about credential sensitivity and financial consequences is dangerous because users may paste or store highly sensitive secrets in unsafe contexts. In an agent setting, this can lead to credential exfiltration, unauthorized trading, or irreversible asset loss if the key is mishandled or reused.

VirusTotal

65/65 vendors flagged this skill as clean.