ClawHub

Polymarket Onlyfans Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paper-by-default trading bot, but live mode can spend real funds and its market selection is broader than the stated strategy.

Install only if you are comfortable supervising an automated prediction-market trading bot. Keep it in paper mode first, use a limited trading key or limited funded balance, set conservative position limits, and do not enable `--live` unless broad keyword discovery and unknown-market trading are acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The code trades markets classified as 'unknown' using generic YES/NO thresholds even though the documented edge model only supports join, ban, and earnings markets. In a live-trading skill, this means the agent can place real orders outside its stated strategy boundary, increasing the chance of unintended or unjustified trades on irrelevant markets.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The keyword list ends with the generic term `onlyfans`, which can match many unrelated mentions and cause over-triggering. In a trading skill, broad triggering is dangerous because it can misclassify markets or surface irrelevant opportunities, leading to unnecessary or erroneous trade decisions rather than a narrow, intended scope.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill does note that `--live` uses real USDC, but the overall description emphasizes strategy and execution plumbing more than the concrete risk of monetary loss from live trading. In a skill that can place real-money prediction-market trades, insufficiently prominent risk disclosure can lead operators to enable live mode without fully understanding loss exposure and credential sensitivity.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The manifest requires a SIMMER_API_KEY and clearly describes automated trading behavior, but it does not provide any user-facing warning that credentials will be used to access an external trading service and potentially place market trades. In a trading skill, silent credential use is more dangerous because users may grant the key without understanding the financial consequences, increasing the risk of unauthorized or unexpected account activity.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal