polymarket-predictradar-whale-alert-skills

Security checks across malware telemetry and agentic risk

Overview

This is a read-only Polymarket whale-alert skill, with some data-quality and privacy-transparency caveats but no evidence of hidden execution, credential theft, persistence, or account mutation.

Install only if you want wallet-level Polymarket analytics in chat and are comfortable with the agent querying a live/shared Polymarket data layer. Treat Unclassified results or lowered-threshold output as less reliable, and verify the referenced polymarket-data-layer helpers before relying on the reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The error-handling path explicitly says that if smart money classification is empty, the skill should skip profile filtering and display raw data as 'Unclassified'. That contradicts the core requirement to surface only verified smart-money whales, and can cause the agent to present unverified addresses as whale activity during outages or stale-cache conditions. In this context, that is a data-integrity and privacy-risk issue because the skill publishes full wallet addresses and performance-oriented labels to users.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The fallback instruction to lower the threshold to $2,000 when no orders >= $5k exist conflicts with the documented definition of 'large orders' and with later per-label thresholds. This can silently broaden the dataset and mislead users about what qualifies as whale activity, reducing trust and potentially exposing more wallet activity than users expect from the feature description. The issue is primarily integrity and scope creep rather than direct code execution or system compromise.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger list includes broad phrases like 'who's buying', 'who's selling', and 'big bets', which can appear in ordinary conversation and cause unintended activation. Because the skill performs live data retrieval and outputs full wallet addresses plus trader performance information, accidental invocation can disclose sensitive trading-related information to users who did not clearly request it. The context makes this more serious than a generic misfire because the skill surfaces identifiable on-chain addresses and behavioral profiling.

Vague Triggers

Medium
Confidence: 87%
Finding
The user intent mapping contains ambiguous examples such as 'What are whales buying?' and 'Any large orders today?' without clear activation boundaries, increasing the chance that the skill runs on loosely related user requests. Since execution triggers live queries and returns full addresses and trader metrics, ambiguous routing can lead to unnecessary disclosure of financial behavior data and user confusion about why this skill ran. The danger is heightened by the skill's auto-trigger framing and broad trigger vocabulary.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description and core principles indicate that it will display full 42-character wallet addresses, win rates, and PnL from live sources, but there is no clear user-facing warning that sensitive trading-profile information will be surfaced. Users may invoke the skill expecting a market summary, not deanonymized-looking wallet-level analytics, which creates a transparency and privacy concern. In this context, the missing disclosure is significant because the output is intentionally detailed and linkable to individual profiles.

VirusTotal

65/65 vendors flagged this skill as clean.
