Polymarket Ai Divergence

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading skill with mostly coherent behavior, but it needs Review because it requests sensitive wallet authority and performs an automatic portfolio action that is not clearly disclosed or gated.

Only install this if you understand it can place real trades when run in live mode and that a wallet private key can control funds. Prefer managed or paper trading first, set small budget limits, do not provide a private key unless necessary, and be aware the skill may attempt to redeem winning positions automatically when it starts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill calls client.auto_redeem() on startup, which performs portfolio-affecting actions beyond the manifest's described behavior of scanning divergence and placing trades. Even if redemption is beneficial, undisclosed automated position management violates least surprise and can trigger unintended transactions or tax/accounting consequences for the user.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly supports live trading and instructs users to provide a wallet private key, but it does not prominently warn that trades can use real funds, may be irreversible once submitted, and can lead to financial loss. In this context, missing risk disclosure is dangerous because users may enable --live or provide credentials without understanding that the skill can autonomously execute market orders on their behalf.

Missing User Warnings

Medium
Confidence: 94%
Finding
The manifest explicitly advertises support for a `WALLET_PRIVATE_KEY` environment variable, which is highly sensitive because it can authorize irreversible trades or asset transfers if exposed or mishandled. In a trading skill, the presence of signing credentials materially increases risk, and the manifest does not provide any explicit warning, scoping restriction, or safer alternative guidance beyond noting it is optional.

VirusTotal

66/66 vendors flagged this skill as clean.
