ClawHub

Polymarket Arbitrage Pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Polymarket trading skill, but it asks for highly sensitive wallet access and can place live trades automatically with unclear safeguards.

Review carefully before installing. Use only a dedicated low-balance wallet, never a primary wallet key, and do not run scan or monitoring modes unless you have confirmed they cannot place live orders without your approval. Prefer versions with dry-run defaults, hard spend caps, per-trade confirmation, pinned dependencies, and clear private-key handling guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares environment-variable use and implies networked trading behavior, yet no explicit permissions are declared. That weakens platform trust boundaries and can mislead users about the skill's ability to access sensitive secrets and external services, especially because it requests a wallet private key and billing key.

Missing User Warnings

High
Confidence
98% confidence
Finding
The README explicitly instructs users to export a raw Polygon private key from consumer wallets and place it into an environment variable for the skill to use. That creates a high-risk secret handling pattern: compromise of the host, logs, shell history, process environment, or the skill itself could expose the key and allow irreversible theft of on-chain funds. In this skill's context, the danger is elevated because the tool is designed to perform automated financial transactions and requests both a wallet private key and a billing key, making credential misuse directly monetizable.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automatic trade execution and 'automatic order placement' but does not provide a prominent, explicit warning that it can place real orders on the user's behalf. In a financial-trading context, this is dangerous because users may invoke it without understanding that it can spend funds, create positions, and incur losses or fees automatically.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documentation instructs users to export and provide a Polygon wallet private key to the skill environment without a strong warning about credential sensitivity. A private key gives full control of the wallet; if exposed to the skill, logs, subprocesses, or remote services, an attacker could drain funds and sign arbitrary transactions.

Missing User Warnings

High
Confidence
99% confidence
Finding
In continuous monitoring mode, the skill repeatedly scans markets and can place real buy orders automatically whenever a simplistic condition is met, without per-trade confirmation, opt-in safeguards, spending limits, or dry-run mode. Because the skill is wired to a real wallet private key, this can cause unauthorized or unintended financial loss through repeated live trading.

Missing User Warnings

High
Confidence
99% confidence
Finding
The 'scan' path is expected to inspect opportunities, but it also submits live buy orders automatically during detection. In this skill context, that is especially dangerous because users may provide a real Polygon private key and invoke a seemingly observational command that triggers irreversible market activity and potential loss.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"node": ">=14"
  },
  "dependencies": {
    "node-fetch": "^2.7.0",
    "ethers": "^5.7.2"
  }
}
Confidence
85% confidence
Finding
"node-fetch": "^2.7.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
},
  "dependencies": {
    "node-fetch": "^2.7.0",
    "ethers": "^5.7.2"
  }
}
Confidence
85% confidence
Finding
"ethers": "^5.7.2"

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal