Polymarket Twitter Cadence Model Trader

Security checks across malware telemetry and agentic risk

Overview

This is an openly disclosed paper-by-default trading skill that can make real Polymarket trades only when explicitly run in live mode with a Simmer API key.

Use this first in paper mode. Only provide a live-capable SIMMER_API_KEY and pass --live if you knowingly accept real-money trading risk; review simmer-sdk and keep the key scoped, private, and out of any scheduled automation you do not fully control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 82%
Finding
The skill declares that it requires and uses a sensitive environment variable (`SIMMER_API_KEY`) but does not appear to declare corresponding permissions explicitly. That creates a transparency and governance gap: users or platforms may underestimate that the skill can access trading credentials, which is especially relevant because the same document also describes optional live trading. In a trading skill, undeclared env access is more dangerous than in a harmless utility because it can be combined with order execution capabilities.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding
The description frames the skill primarily as a Twitter cadence pricing model, but the content also states it can trade Truth Social markets and execute real trades on Polymarket when `--live` is supplied. That mismatch can mislead operators about both scope and financial risk, increasing the chance they deploy or authorize it under incomplete assumptions. In this context, behavior ambiguity is especially dangerous because the capability is not merely analytical; it can place real-money trades.

VirusTotal

64/64 vendors flagged this skill as clean.
