ClawHub

Polymarket Sol 5m Mtf Momentum Dyll

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading skill whose code mostly targets SOL, but its published description and examples mix BTC, SOL, Polymarket, and Simmer in ways that could cause unintended trades.

Review this carefully before installing. Confirm whether you intend to trade SOL or BTC and whether execution is through Simmer, Polymarket, or both. Run only in dry-run mode first, use a limited SIMMER_API_KEY if available, keep trade size and cron automation constrained, and treat --live as capable of spending real funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises commands that require environment variable access (`SIMMER_API_KEY`) and network access to external services, yet no permissions are declared. That mismatch weakens user consent and review because operators are not clearly informed that the skill will read secrets and communicate with trading APIs before running it.

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill description says it is for Polymarket BTC 5-minute momentum trading, but the documentation describes SOL trading, Binance SOLUSDT inputs, Simmer fast markets, config mutation, and extra scripts. In a trading context, this kind of description-behavior mismatch is dangerous because a user may authorize execution under false assumptions and place real-money trades on the wrong asset, venue, or configuration path.

Intent-Code Divergence

Medium
Confidence
82% confidence
Finding
Within the documentation itself, the strategy is described as trading SOL markets while the manifest/example text references BTC fast markets. This inconsistency increases operational risk because traders may deploy or tune the strategy for one market while it actually evaluates or executes against another, leading to unintended exposure and bad risk controls.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill metadata says it trades BTC 5-minute fast markets, but the implementation is hard-coded for SOL via ASSET="SOL" and BINANCE_SYMBOL="SOLUSDT". This is dangerous because operators may authorize the skill under false assumptions and place real trades in the wrong market, creating unintended financial exposure and invalidating monitoring or risk controls tied to BTC.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The module documentation states the strategy uses Binance SOL/USDT returns while the surrounding skill context describes BTC fast markets. In a trading skill, misleading documentation is security-relevant because it can cause reviewers and users to approve or deploy a strategy they do not actually understand, increasing the chance of unauthorized or mis-scoped live trading.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation provides a direct `--live` command for real trading but does not clearly warn that it can execute trades with user funds or require a deliberate confirmation step. In a financial-trading skill, that omission is risky because users may move from paper mode to live execution without appreciating the immediate monetary consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal