Polymarket Trading Setup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Polymarket setup guide, but it asks an agent to handle financial keys and place a real test order without clear confirmation safeguards.

Review this before installing. Use only a dedicated, limited-funds Polymarket wallet; keep .env out of source control with restrictive permissions; do not paste private keys or API secrets into chats or logs; require explicit approval before any token approval or order submission; prefer bounded USDC approvals; and rotate or revoke credentials if they may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide tells users to persist API key, secret, and passphrase in a `.env` file but does not warn that these are sensitive secrets that must not be committed to source control or shared in logs, backups, or artifacts. In an AI-agent and automation context, these credentials enable authenticated trading actions and account access, so accidental exposure can lead to unauthorized trades or account abuse.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documented environment variables include a private key and API credentials, but the guide does not clearly distinguish which values are secret versus public or warn about secure storage requirements. Exposing a trading wallet private key is especially dangerous because it can allow full compromise of signing authority and downstream fund loss, while exposed API credentials may permit authenticated exchange actions.

Missing User Warnings

Medium
Confidence: 96%
Finding
Using `export POLYMARKET_PRIVATE_KEY="0x..."` in shell examples can leak the private key through shell history, CI logs, process-environment inspection, crash reports, or shared terminal recordings if users copy the command literally. Because this skill is specifically for automated trading on a live financial platform, compromise of the private key can directly enable unauthorized order signing and potential fund theft.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent/user to place a blockchain private key and related service endpoints in a local .env file, but does not warn that the private key is highly sensitive, should never be committed, and must be protected with strict filesystem and secret-handling controls. In a trading setup, compromise of this file can directly enable unauthorized trading and potentially loss of funds, making the omission materially risky even if storing secrets in env files is sometimes operationally common.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly tells the agent to derive API credentials and persist them to .env, creating long-lived authentication material on disk without warning about persistence, rotation, revocation, or secure storage. Those credentials can be exfiltrated from source trees, backups, CI artifacts, logs, or shared developer machines and then used to access trading functionality tied to the account.

VirusTotal

66/66 vendors flagged this skill as clean.
