ClawHub
Back to skill

Security audit

Polymarket Twitter Sentiment Spike Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed, paper-by-default trading skill, but a live Simmer key plus the --live flag can place real Polymarket trades.

Install only if you intend to run a trading helper. Start with paper mode or a restricted/test Simmer key, keep --live usage manual, tune max position and max open positions conservatively, and do not rely on the documented minimum-volume filter until the implementation is updated to enforce it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The manifest exposes a fully automated trading skill with position sizing, spread, volume, trade count, and threshold controls, which materially exceeds the stated purpose of merely detecting sentiment/news spikes and adjusting posting-rate expectations. This capability mismatch is dangerous because users may grant API access under a narrower description while the skill is actually configured to place and manage market positions, increasing the risk of unauthorized or misunderstood financial activity.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill description frames the tool as a correlation-based posting-frequency analyzer, but the tunables are generic trading and market-risk parameters rather than controls specific to sentiment-spike detection. This inconsistency can mislead operators about what the skill does, causing them to deploy it with live credentials and capital exposure they did not intend.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal