Polymarket Copy Dynamic Roster Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket copy-trading skill that can trade real money only when live mode is explicitly enabled.

Install only if you intend to connect a Simmer/Polymarket trading account. Start in paper mode, use a dedicated low-privilege API key if possible, keep trade caps low, verify the simmer-sdk package, and do not run with --live unless you accept possible financial loss.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill documentation indicates use of environment variables and outbound network access (`SIMMER_API_KEY`, leaderboard scraping, Polymarket/data API calls, Simmer SDK copytrading) but does not declare corresponding permissions. This creates a transparency and governance gap: an agent or user may approve the skill without understanding it can access secrets and communicate externally, which is especially relevant for a trading skill that consumes API keys and makes live trading requests.

Missing User Warnings

Medium
Confidence: 83%
Finding: The manifest declares a required SIMMER_API_KEY for an automated trading skill and describes autonomous copytrading behavior, but it provides no user-facing warning or consent mechanism about credential use, delegated trading, or financial risk. In this context, the omission matters because the skill is explicitly designed to discover wallets and place trades automatically, so users may supply sensitive credentials without understanding that live market actions can be executed on their behalf.

VirusTotal

66/66 vendors flagged this skill as clean.
