Polymarket Quant Trader

Security checks across malware telemetry and agentic risk

Overview

This real-money trading skill is broadly coherent, but it should be reviewed because it relies on unreviewed external bot code, wallet/API secrets, and under-scoped live trading controls.

Install only after independently auditing the external bot repo and dependencies. Use a dedicated low-balance wallet, keep DRY_RUN enabled until you have tested thoroughly, never paste production private keys into chat or logs, avoid broad exchange API permissions, verify the Brier-score implementation, and require explicit manual approval plus strict exposure limits before any live trade.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Medium severity, 93% confidence
Finding
The skill presents itself as a trading/analysis system, but it also documents an autonomous strategy mutation loop that rewrites configuration, bumps versions, and persists checkpoints. That expands the operational scope from analysis into self-modifying behavior, which can surprise callers, bypass expected review points, and lead to unsafe unattended changes in a live-trading context.

Description-Behavior Mismatch

Medium severity, 90% confidence
Finding
The skill is framed as a Polymarket system, but the setup also solicits Binance API credentials for optional hedging, expanding it into multi-platform exchange integration. This hidden scope increase matters because it broadens the set of sensitive secrets the skill may induce users to provide and raises the blast radius if those credentials are mishandled.

Intent-Code Divergence

Medium severity, 97% confidence
Finding
The snippet is presented as the Brier score calculation, but it raises the prediction error to the power of 0.2 instead of squaring it. In a trading skill, this misstates the optimization objective used for calibration, which can materially distort model evaluation, mislead the autoresearch loop, and drive unsafe Kelly sizing and trade selection based on falsely interpreted forecast quality.
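
The exponent defect this finding describes, shown as an added example that is not code from the skill, from SkillSpector, or from this page: a standard Brier score next to a hypothetical variant that raises the absolute error to the power 0.2. The point a reviewer should verify is that squared error is a proper scoring rule (the score-minimizing report is the true probability) while the 0.2-power variant is not: its minimizer sits at 0 or 1, so a strategy loop optimizing against it learns to emit overconfident probabilities, and a standard Kelly stake fed such a probability goes all-in. The `buggy_score` function, the `is_proper_on` check, and all forecasts, outcomes and odds are assumptions constructed for the example; the Kelly formula is the textbook binary-bet form.

```python
"""Added example, not code from the skill, the scanner or the page.

Contrasts the standard Brier score (mean squared error between a forecast
probability and the 0/1 outcome) with a hypothetical variant using exponent
0.2, and shows why the latter is unsafe as a calibration objective.
All forecasts, outcomes and odds below are constructed sample values.
"""
from __future__ import annotations

from typing import Callable, Sequence

ScoreFn = Callable[[Sequence[float], Sequence[int]], float]


def _check(forecasts: Sequence[float], outcomes: Sequence[int]) -> None:
    """Reject malformed input before scoring."""
    if not forecasts or len(forecasts) != len(outcomes):
        raise ValueError("forecasts and outcomes must be non-empty and equal length")
    if any(not 0.0 <= p <= 1.0 for p in forecasts) or any(y not in (0, 1) for y in outcomes):
        raise ValueError("forecasts must lie in [0, 1] and outcomes must be 0 or 1")


def brier_score(forecasts: Sequence[float], outcomes: Sequence[int]) -> float:
    """Standard Brier score: mean (p - y)^2. Lower is better, 0 is perfect."""
    _check(forecasts, outcomes)
    return sum((p - y) ** 2 for p, y in zip(forecasts, outcomes)) / len(forecasts)


def buggy_score(forecasts: Sequence[float], outcomes: Sequence[int]) -> float:
    """Hypothetical defective variant: mean |p - y|^0.2 (exponent 0.2, not 2)."""
    _check(forecasts, outcomes)
    return sum(abs(p - y) ** 0.2 for p, y in zip(forecasts, outcomes)) / len(forecasts)


def expected_score(score_fn: ScoreFn, true_p: float, reported_q: float) -> float:
    """Expected score when the outcome is 1 with probability true_p and the
    forecaster reports reported_q."""
    return true_p * score_fn([reported_q], [1]) + (1 - true_p) * score_fn([reported_q], [0])


def best_report(score_fn: ScoreFn, true_p: float, steps: int = 100) -> float:
    """Report on a grid of `steps` intervals that minimizes the expected score.
    For a proper scoring rule this equals true_p (when true_p is on the grid)."""
    grid = [i / steps for i in range(steps + 1)]
    return min(grid, key=lambda q: expected_score(score_fn, true_p, q))


def is_proper_on(score_fn: ScoreFn, true_ps: Sequence[float] = (0.3, 0.5, 0.7),
                 tol: float = 1e-9) -> bool:
    """Check a reviewer can run against any Brier implementation: the
    score-minimizing report must equal the true probability at each test point."""
    return all(abs(best_report(score_fn, p) - p) <= tol for p in true_ps)


def kelly_fraction(p: float, net_odds: float) -> float:
    """Standard Kelly stake for a binary bet paying net_odds:1,
    f = (b*p - (1 - p)) / b, floored at zero. With p = 1 it stakes everything."""
    return max(0.0, (net_odds * p - (1.0 - p)) / net_odds)


if __name__ == "__main__":
    forecasts, outcomes = [0.9, 0.1, 0.5], [1, 0, 1]  # constructed sample data
    print("brier:", round(brier_score(forecasts, outcomes), 4))
    print("buggy:", round(buggy_score(forecasts, outcomes), 4))
    for name, fn in (("brier", brier_score), ("buggy", buggy_score)):
        q = best_report(fn, 0.7)  # what a model optimizing this score learns to report
        print(f"{name}: true p=0.7 -> best report q={q}, proper={is_proper_on(fn)}, "
              f"kelly stake at even odds={kelly_fraction(q, 1.0):.2f}")
```

Running the check against the skill's actual Brier code (rather than the constructed `buggy_score`) is the concrete way to act on the overview's advice to verify the implementation: `is_proper_on` must return True, and the squared-error version here is the reference behaviour.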

Vague Triggers

Medium severity, 84% confidence
Finding
The trigger list contains broad terms like 'quant trading' and 'brier score' that can appear in general educational or analytical conversations, increasing the chance the skill activates without clear user intent. In a skill that encourages trading, wallet configuration, and arbitrage workflows, overbroad activation can steer users into high-risk financial guidance unexpectedly.

Missing User Warnings

Medium severity, 91% confidence
Finding
The README instructs users to configure wallet keys and describes live trading and cross-platform arbitrage, but provides only a brief paper-trading note and no prominent warning about real-money loss, legal/compliance constraints, counterparty risk, or private-key handling. In this context, users may underestimate the financial and operational risk and move quickly from installation to live trading with sensitive credentials.

Vague Triggers

Medium severity, 87% confidence
Finding
The trigger list includes broad terms like 'quant trading' and 'sports betting math' that can match ordinary discussion, causing the skill to activate outside narrow user intent. In a skill capable of discussing live trading workflows and credentialed integrations, over-broad invocation increases the chance of unnecessary exposure to risky instructions or accidental operational guidance.

Missing User Warnings

Medium severity, 96% confidence
Finding
The skill documents use of highly sensitive secrets such as private wallet keys and exchange API credentials alongside commands for live trading, but it does not provide a strong upfront warning or handling policy. In this context, missing credential-safety guidance is dangerous because users may paste production secrets into insecure environments or enable live execution without understanding the consequences.

Missing User Warnings

Medium severity, 91% confidence
Finding
This guide provides specific bankroll-sizing formulas, default betting modes, and concrete wagering examples without any accompanying warning that trading prediction markets is risky and that the material is informational rather than personalized financial advice. In the context of a skill explicitly designed for automated quant trading and self-improving strategy execution, this omission makes it more likely users will operationalize the guidance directly and take on material financial risk.

VirusTotal

66/66 vendors flagged this skill as clean.