Polymarket Eth 5m Mtf Momentum Dyll

Security checks across malware telemetry and agentic risk

Overview

This is an automated trading skill that is mostly coherent, but its BTC/ETH mismatch and easy live-trading path create real risk of unintended trades.

Install only if you understand this is an automated trading template. Verify whether you intend to trade ETH or BTC before use, run paper mode first, limit or monitor the SIMMER_API_KEY, avoid untrusted SIMMER_API_URL or TRADING_VENUE settings, and enable cron or --live only after adding your own limits, confirmation, and monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 81%
Finding:
The skill documentation instructs use of an API key and external market/data access, but the skill declares no permissions despite requiring environment-variable and network capabilities. This weakens user visibility and consent around sensitive capabilities, increasing the chance that a user runs a networked, key-consuming trading skill without understanding its access scope.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding:
The skill metadata says it is for Polymarket BTC 5-minute momentum trading, while the body describes and appears to operate on ETH markets and ETH/USDT data, with extra position/config management capabilities not disclosed in the description. In a live-trading context, this mismatch can cause users to deploy the strategy against the wrong asset and underestimate what actions the skill can take, leading directly to unintended financial exposure.

Intent-Code Divergence

Severity: Medium
Confidence: 84%
Finding:
The documentation mixes ETH and BTC references, including an ETH-branded skill with BTC-focused manifest/example text. For trading automation, ambiguous asset identity is safety-relevant because users may validate the strategy on one market while the bot executes on another, undermining informed consent and risk controls.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
The script is hard-coded for ETH and a Simmer trade source even though the skill metadata describes a Polymarket BTC 5-minute momentum strategy. This mismatch can cause operators to query and act on the wrong account context, leading to incorrect monitoring, bad trading decisions, and possible leakage of unrelated portfolio information in environments where multiple strategies share credentials.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The skill provides direct live-trading commands without an explicit warning that --live can place real-money trades and affect the user's portfolio. In financial automation, missing risk disclosure materially increases the likelihood of accidental execution, especially when the same command structure is used for paper and live modes.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The script can place live trades whenever --live is supplied, with no secondary confirmation, interactive prompt, or safety interlock. In a trading skill, this increases the chance of accidental real-money execution from operator error, automation misconfiguration, or malicious invocation with live mode enabled.

VirusTotal

64/64 vendors flagged this skill as clean.