Polymarket Solana Onchain

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real trading automation tool, but it can run live trades on a schedule with an API key and does not clearly disclose or gate that risk.

Install only if you intentionally want automated trading. Use a least-privilege Simmer key, confirm whether TRADING_VENUE is simulated or a real-money venue, lower the position and trade limits, and disable the cron/automaton unless unattended live trading every 10 minutes is explicitly desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest declares a required SIMMER_API_KEY even though the skill description explicitly says no API keys are required. This mismatch is security-relevant because it can mislead users into supplying unnecessary credentials to a skill that may then transmit or misuse them, and it undermines informed consent about secret handling.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill advertises a live trading mode without a clear warning that it can place real orders and cause real financial loss. In a trading context, that omission is materially dangerous because users may treat the examples as low-risk operational guidance and trigger irreversible trades on prediction markets.

Missing User Warnings

Low
Confidence: 83%
Finding
The skill states it sends trading and market data to external APIs but does not disclose privacy implications, retention, or what data may be shared for execution and attribution. While this is expected for a networked trading skill, the lack of transparency can expose users to unintended disclosure of market interests, account-linked activity, and strategy metadata.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill can place real trades when invoked with --live, but there is no explicit confirmation prompt, secondary acknowledgement, or last-moment risk warning immediately before order submission. In a trading skill, this materially increases the chance of accidental financial loss from operator error, automation misconfiguration, or unintended execution.

VirusTotal

67/67 vendors flagged this skill as clean.
