Polymarket Bot Skill

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Polymarket trading purpose, but it handles real trading credentials and defaults toward live automated trades without enough safeguards.

Review carefully before installing. Use only a low-value or dedicated wallet, avoid running auth_setup.py in shared or logged environments, change examples to dry_run=True by default, add explicit live-trading confirmations and position/loss limits, and redact or securely store any API keys, secrets, passphrases, or private keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This skill promotes automated trading, authentication setup, and Polygon blockchain interaction without explicit warnings about live financial loss, irreversible on-chain actions, or safe credential handling. In this context, omission is risky because users may run scripts against production markets or expose private keys/API credentials, leading to direct monetary loss or account compromise.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The prompts explicitly instruct an AI to generate automated trading code and to handle a private key for CLOB authentication, but they do not include warnings or guardrails for financial risk, key-management safety, or safe operational practices. In the context of a bot-building skill for live prediction-market trading on Polygon, this omission makes it more likely that users will generate and run unsafe code that exposes credentials or executes risky trades without understanding the consequences.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The example prompts instruct users to build trading automation that takes a private key as input and loads it from environment variables, but they provide no warning or safeguards for handling high-value blockchain credentials. In the context of an AI code-generation workflow, this can normalize insecure key usage patterns, leading generated code to expose secrets in logs, prompts, source files, or long-running bot processes.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The bot can place live orders automatically based on third-party trader activity with no explicit user confirmation, approval workflow, risk limits, or validation at execution time. In a financial trading skill operating on a live blockchain market, this is dangerous because a misconfiguration, malicious upstream data, or flawed strategy can immediately trigger real-money trades and losses.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script prints the derived API credentials returned by the Polymarket CLOB authentication endpoint directly to stdout. In bot and blockchain environments, stdout is often captured by terminals, shell history wrappers, CI logs, process supervisors, or cloud logging systems, which can expose the API key, secret, and passphrase to other users or systems.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The bot is instantiated with `dry_run=False`, which enables real trades by default without any explicit confirmation, safety interlock, or environment-based gating. In a trading skill that handles blockchain market execution, this materially increases the chance of unintended financial loss from misconfiguration, testing mistakes, or automated execution against live markets.

VirusTotal

53/53 vendors flagged this skill as clean.
