Prediction Market Arbitrage

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a read-only arbitrage tool, but it also includes under-disclosed wallet and P&L lookup commands that can expose financial activity through a third-party API.

Review before installing. The core arbitrage scanner appears read-only and purpose-aligned, but the package also contains wallet and P&L lookup commands that can query financial activity for supplied Polymarket addresses through AIsa. Do not provide wallet addresses or other identifiers unless you are comfortable sending them to that API, and monitor AISA_API_KEY usage because it may incur per-query charges.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The implementation exposes wallet activity, orders, positions, wallet metadata, and P&L lookups for arbitrary Polymarket addresses, which materially exceeds the stated purpose of discovering cross-platform sports arbitrage. That broadens the skill into third-party financial surveillance and can leak sensitive trading behavior or portfolio information to the remote API and downstream users.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The file provides a generic prediction-market client for many Polymarket and Kalshi operations, while the manifest describes a narrower sports arbitrage scanner. This mismatch increases attack surface and the chance an agent invokes unrelated capabilities, though by itself it is more a scope-control and least-privilege issue than a direct exploit primitive.

Missing User Warnings

Medium
Confidence: 88%
Finding
Wallet addresses and related query filters are sent to a third-party API, but the CLI provides no user-facing notice that these identifiers will be disclosed externally. In this context, addresses can reveal trading history and financial behavior, so silent transmission creates a privacy and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean.
