Security audit

Polymarket Btc Midcandle

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading bot, but it needs careful review because it can make unattended real-money trades and lets users bypass safeguards with minimal friction.

Install only if you are comfortable giving this skill authority over real trading funds. Use paper mode first, use a dedicated low-balance and revocable API key, avoid cron until you have reviewed results, do not use `--no-safeguards` with live funds, explicitly set the volume gate if you expect volume confirmation, and configure the Discord webhook only if you accept sending trade details to that endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises and documents capabilities that require environment access, file I/O, and network access, but it does not declare permissions. In an agent ecosystem, undeclared capabilities reduce user visibility and consent, making it easier for a trading bot to access secrets, persist config, and communicate externally without clear authorization boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The description emphasizes a simple momentum trading bot, but the documented behavior includes additional external communications, configuration mutation, position inspection, persistence, and strategy controls not captured in the declared purpose. That mismatch can mislead users about the operational and privacy footprint, especially for a live-trading skill that touches real funds and may send data to third parties via webhooks.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill contains an outbound Discord webhook feature that is not required to execute the core trading strategy. Even though it currently sends trade-status text rather than secrets directly, it creates an additional exfiltration channel and allows operational trading activity to be transmitted to an arbitrary external endpoint controlled by whoever sets the webhook.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill presents live-trading and protection-bypass commands in a normalized, copy-pastable way without an immediate, explicit warning about real-money loss and the consequences of disabling safeguards. In a financial-trading context, this raises the chance that users will execute dangerous commands directly, potentially causing avoidable monetary loss.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Passing --live is sufficient to enable real-money trading, and the script performs trades without any explicit interactive confirmation, acknowledgment of risk, or secondary safety gate. In an agent or automation context, a misconfigured invocation, prompt injection into surrounding tooling, or accidental flag propagation could trigger unintended live trades with financial loss.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The manifest defines a cron schedule and a managed entrypoint for an automated real-money trading bot, but it does not express meaningful safety constraints such as market-state checks, user confirmation gates, position/risk guardrails, or explicit exclusion conditions beyond a tunable skip-hours string. In the context of a Polymarket scalper that claims 24/7 operation and real-money use, unattended execution increases the chance of unintended or harmful trades if configuration is wrong, market conditions change, or the downstream code behaves unexpectedly.

Session Persistence

Medium
Category
Rogue Agent
Content
### 5. Set up cron (recommended)

```bash
crontab -e
```

Add:
Confidence
78% confidence
Finding
crontab -e

Tool Parameter Abuse

High
Category
Tool Misuse
Content

```bash
python btc_midcandle.py --live --smart-sizing

# Skip safeguards (advanced — not recommended)
python btc_midcandle.py --live --no-safeguards

# View config
python btc_midcandle.py --config
```
Confidence
96% confidence
Finding
--no-safe

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.