Manual Trade Placement

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can place and cancel live financial trades with wallet signing authority, and it ships without strong built-in safeguards.

Install it only if you intentionally want an agent to place and cancel live Polymarket orders. Use a dedicated low-balance wallet; verify the market, side, amount, price, order type, and venue before every execution; and never run a cancellation or a non-dry-run command without explicit human review of that specific action.
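The precautions above can be enforced mechanically rather than left to the operator's memory. The following is an added example, not code from the skill, from SkillSpector, or from Polymarket: a pre-execution policy gate that allowlists venue and order type, caps the size of any order a low-balance wallet may place, treats every cancellation as a live action, and requires a human reviewer to approve a fingerprint of the exact request before anything live runs. The request fields, the approval set, and the numeric cap are assumptions made for the example.

```python
"""Pre-execution policy gate for an agent-driven trading skill.

Added illustration, not the skill's own code. It assumes a request shape
(action, market, side, size, price, order_type, venue, dry_run) and an approval
workflow in which a human reviewer approves a fingerprint of the exact request.
"""
from dataclasses import dataclass, field

# Policy constants (assumed values for a dedicated low-balance wallet).
ALLOWED_VENUES = {"polymarket"}        # "sim" and anything else is rejected
ALLOWED_ORDER_TYPES = {"FAK", "GTC"}   # the documented set; FOK is deliberately absent
ALLOWED_SIDES = {"BUY", "SELL"}
MAX_NOTIONAL_USDC = 25.0               # size * price may not exceed this


@dataclass
class OrderRequest:
    action: str               # "place" or "cancel"
    market: str               # market or token identifier
    side: str = ""
    size: float = 0.0         # number of shares
    price: float = 0.0        # limit price; prediction-market prices lie in (0, 1)
    order_type: str = ""
    venue: str = "polymarket"
    dry_run: bool = True      # live execution must be opted into explicitly


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def fingerprint(req: OrderRequest) -> str:
    """Canonical string a reviewer approves. Binding approval to every
    parameter stops an agent from reusing a 'yes' on a different order."""
    return "|".join([req.action, req.market, req.side, f"{req.size:.6f}",
                     f"{req.price:.6f}", req.order_type, req.venue])


def evaluate(req: OrderRequest, approved: set) -> Decision:
    """Return Decision(allowed, reasons). `approved` holds the fingerprints a
    human has explicitly approved for this session."""
    reasons = []
    if req.venue not in ALLOWED_VENUES:
        reasons.append(f"venue {req.venue!r} is not allowlisted")

    if req.action == "place":
        if req.order_type not in ALLOWED_ORDER_TYPES:
            reasons.append(f"order type {req.order_type!r} is not allowlisted")
        if req.side not in ALLOWED_SIDES:
            reasons.append(f"side {req.side!r} is invalid")
        if not 0.0 < req.price < 1.0:
            reasons.append(f"price {req.price} is outside (0, 1)")
        if req.size <= 0:
            reasons.append("size must be positive")
        elif req.size * req.price > MAX_NOTIONAL_USDC:
            reasons.append(f"notional {req.size * req.price:.2f} exceeds cap {MAX_NOTIONAL_USDC}")
    elif req.action != "cancel":
        reasons.append(f"unknown action {req.action!r}")

    # Cancellation always touches live orders, so it never qualifies as a dry run.
    live = req.action == "cancel" or not req.dry_run
    if live and fingerprint(req) not in approved:
        reasons.append("live action requires human approval of this exact request")

    return Decision(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    order = OrderRequest("place", "0xabc", "BUY", 10, 0.40, "FAK", dry_run=False)
    print(evaluate(order, approved=set()))                 # denied: no approval
    print(evaluate(order, approved={fingerprint(order)}))  # allowed
```

The gate runs before the skill's CLI is invoked, so the agent never holds the decision about whether an action is live. Approval is keyed to the full fingerprint rather than to a boolean so that a reviewer's consent to one order cannot be replayed against a different size, price, or market.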

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation indicates that it reads environment secrets and makes network calls to a trading venue, yet the manifest declares no permissions. In an agent ecosystem, a missing permission declaration prevents meaningful user review and consent, which matters most when, as here, the skill uses API keys and a wallet private key to place real-money trades.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented purpose says the skill places manual trades, but the interface also supports canceling open orders, FOK orders, and alternate venues. This mismatch increases the chance that a user or supervising agent authorizes a narrower capability set than the skill actually exposes, which is especially risky because order cancellation and venue switching can materially change live trading outcomes.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The interface documents a cancel capability even though the manifest presents the skill as only placing trades. In a financial context, canceling live open orders is a distinct and potentially harmful action because it can alter exposure, strategy, and execution state without the user expecting that capability to exist.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest advertises capabilities beyond the stated skill description by exposing an order type (FOK) and an alternate venue (sim) that the description does not list as supported. In a trading skill, mismatches between documented behavior and declared controls can lead the agent or user to invoke untested execution paths, causing unexpected order placement, failed trades, or routing to the wrong venue.

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The manifest requires a WALLET_PRIVATE_KEY, which is a highly sensitive credential that enables direct control of funds, yet the skill description does not clearly disclose private-key handling or its security model. In a manual trading skill, this increases risk because users may grant broad signing authority without understanding storage, exposure, or misuse implications.

Description-Behavior Mismatch

Low
Confidence
89% confidence
Finding
The skill description says it supports only FAK (fill-and-kill) and GTC (good-till-cancelled) orders, but the CLI also accepts FOK (fill-or-kill) orders. This capability mismatch can mislead operators and downstream policy systems, causing execution of an order type that was never disclosed or reviewed.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill is presented as a manual trade placement tool, but it also exposes market order cancellation, including cancelling all open orders on a market. Hidden destructive account actions increase risk because a caller or orchestrator may invoke broader powers than the description suggests, potentially disrupting trading strategy or removing protective resting orders.
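The five description-behavior findings above (undocumented cancel command, FOK order type, and sim venue) are all instances of one check: diff what the interface actually exposes against what the documentation declares. The following is an added example, not the skill's CLI or SkillSpector's scanner: it builds a constructed argparse parser that mirrors the capability set the findings describe, walks the parser to enumerate every subcommand and every option with a fixed choice set, and reports what the documented capability set does not cover. The command and option names are assumptions for the example.

```python
"""Capability-drift check: exposed CLI surface versus documented capabilities.

Added illustration, not the skill's own code. `build_cli` is a constructed
stand-in whose shape follows the findings (a place command that also accepts
FOK and a sim venue, plus an undocumented cancel command).
"""
import argparse

# What the skill description says it supports (assumed structure:
# {command: {option: set(allowed values)}}). Free-form options are omitted.
DOCUMENTED = {
    "place": {"--order-type": {"FAK", "GTC"}, "--venue": {"polymarket"}},
}


def build_cli() -> argparse.ArgumentParser:
    """Constructed stand-in for the skill's CLI."""
    parser = argparse.ArgumentParser(prog="trade")
    sub = parser.add_subparsers(dest="command")
    place = sub.add_parser("place")
    place.add_argument("--market", required=True)
    place.add_argument("--side", choices=["BUY", "SELL"], required=True)
    place.add_argument("--order-type", choices=["FAK", "GTC", "FOK"], default="GTC")
    place.add_argument("--venue", choices=["polymarket", "sim"], default="polymarket")
    cancel = sub.add_parser("cancel")
    cancel.add_argument("--market", required=True)
    cancel.add_argument("--all", action="store_true")  # cancel every open order
    return parser


def exposed_capabilities(parser: argparse.ArgumentParser) -> dict:
    """Walk the parser and return {command: {option: set(choices)}}.

    Options without a fixed choice set map to an empty set. This reads
    argparse's private `_actions` list, which is stable in practice but
    not a public API."""
    caps = {}
    for action in parser._actions:
        if not isinstance(action, argparse._SubParsersAction):
            continue
        for name, subparser in action.choices.items():
            opts = {}
            for a in subparser._actions:
                if a.dest == "help" or not a.option_strings:
                    continue
                opts[a.option_strings[-1]] = set(a.choices) if a.choices else set()
            caps[name] = opts
    return caps


def capability_drift(exposed: dict, documented: dict) -> list:
    """List every command or option value that is exposed but undocumented."""
    drift = []
    for cmd, opts in exposed.items():
        if cmd not in documented:
            drift.append(f"command {cmd!r} is exposed but undocumented")
            continue
        for opt, choices in opts.items():
            doc_choices = documented[cmd].get(opt)
            if doc_choices is None:
                continue  # free-form option, or one the docs do not constrain
            extra = choices - doc_choices
            if extra:
                drift.append(f"{cmd} {opt}: undocumented values {sorted(extra)}")
    return drift


if __name__ == "__main__":
    for line in capability_drift(exposed_capabilities(build_cli()), DOCUMENTED):
        print(line)
```

Running the check against the constructed parser reports the FOK order type, the sim venue, and the cancel command, which is the same set of gaps the findings describe. In a real review the parser would be the skill's own entry point and DOCUMENTED would be derived from its README or manifest, so the diff can be rerun on every version to catch capabilities added after the description was written.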

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README promotes immediate live trade placement and order cancellation but does not prominently warn that these are real financial actions that can spend funds, lock capital, or create unintended exposure. In an agent-driven context, users may interpret natural-language commands as low-risk automation and trigger irreversible or hard-to-reverse trades without understanding the consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill lacks a prominent warning that FAK orders can execute immediately with real funds and that cancel operations affect live orders. In a real-money trading context, insufficient safety prompting materially increases the risk of accidental fund commitment or unintended strategy disruption by users and autonomous agents.

VirusTotal

0 of 64 VirusTotal vendors flagged this skill; all 64 reported it clean. A clean antivirus result only means no engine matched known malware; it says nothing about the capability and agency issues above, none of which involve malicious code.

View on VirusTotal