Polymarket Eth Midcandle

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading bot, but it needs Review because it can place real-money trades on a schedule and lets safeguards be disabled with one flag.

Install only if you are comfortable with automated real-money Polymarket trading. Start in paper mode, keep bet sizes and account exposure small, avoid --no-safeguards in live mode, do not enable cron until you have monitored behavior, and only configure a Discord webhook if you are comfortable sending trade details to that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation clearly implies capabilities to read environment variables, access local files, write configuration/logs, and make network requests, yet no permissions are declared. In an agent ecosystem, this creates a transparency and consent failure: users may install or run a trading skill without understanding that it can access secrets, persist data, and communicate externally to exchanges/webhooks.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation transitions from paper mode to `--live` with only a brief label, but does not prominently and unambiguously warn that this will place real-money trades on the user's behalf. For an automated trading skill, insufficient disclosure materially increases the chance of accidental financial loss from user misunderstanding or copy-paste execution.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The docs advertise a `--no-safeguards` mode that disables flip-flop/slippage protections, but do not explain the concrete risks or strongly discourage routine use. In a live trading context, removing execution safeguards can directly increase losses, churn, adverse fills, and unstable automated behavior during volatile markets.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The manifest declares required use of an API key and allows an arbitrary Discord webhook URL, but provides no user-facing disclosure about outbound network activity, what data may be transmitted, or how credentials are handled. In a trading bot context, this is security-relevant because the skill runs on a schedule and could continuously send account, trade, or strategy metadata to third-party endpoints without the operator fully understanding that behavior.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The CLI allows `--live` to immediately enable real-money trading without a secondary confirmation, explicit acknowledgement of risk, or runtime interlock. In a trading skill, this materially increases the chance of accidental financial loss from operator error, automation misconfiguration, or unintended invocation.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
`notify_discord` sends trading activity to a user-configurable external webhook with no notice at the point of transmission and no content minimization. While the payload is limited to trade metadata, it still discloses potentially sensitive operational behavior to a third party and could leak strategy activity if the webhook is misconfigured or compromised.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
python eth_midcandle.py --positions      # Open positions
python eth_midcandle.py --config         # Current config
python eth_midcandle.py --smart-sizing   # Size by portfolio %
python eth_midcandle.py --no-safeguards  # Skip flip-flop/slippage checks
python eth_midcandle.py --set momentum_threshold=0.0010
```
Confidence
96% confidence
Finding
--no-safe

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```
parser.add_argument("--config",        action="store_true", help="Show current config")
parser.add_argument("--set",           action="append", metavar="KEY=VALUE", help="Set config value")
parser.add_argument("--smart-sizing",  action="store_true", help="Portfolio-based sizing")
parser.add_argument("--no-safeguards", action="store_true", help="Disable safeguards")
parser.add_argument("--quiet", "-q",   action="store_true", help="Only output on trades/errors")
args = parser.parse_args()
```
Confidence
91% confidence
Finding
--no-safe

VirusTotal

64/64 vendors flagged this skill as clean.
