Polymarket Micro Session Edge Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paper-first Polymarket trading bot that can place real trades only when run with an explicit live flag.

Install only if you intend to trust Simmer and its SDK with Polymarket trading access. Use paper mode first, provide a restricted or low-balance SIMMER_API_KEY where possible, review the position limits and thresholds, and run --live only when you are prepared for real USDC trades and possible loss.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill requests a high-value credential (`SIMMER_API_KEY`) and describes operational capabilities that imply environment access and stateful execution, yet it declares no permissions even though `env` and `file_write` capabilities were detected. This is a real security issue because undeclared sensitive capabilities reduce transparency for reviewers and users, making it easier for a skill to access secrets or write local files without explicit approval boundaries.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The manifest requires a live API key for an automated trading skill but does not surface any warning about credential use, order placement, or financial risk. In this context, users may supply sensitive credentials without understanding that the skill can autonomously trade, increasing the chance of unintended loss or overbroad trust in the bot.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill can place real Polymarket orders whenever invoked with --live, with no additional in-code confirmation, interlock, or environment-based safeguard. In an automated or misconfigured execution context, a mistaken flag, wrapper script, or operator error could trigger unintended live trades and real financial loss.

VirusTotal

67/67 vendors flagged this skill as clean.
