PredictMe - AI Trading Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about crypto prediction-market betting, but it needs review because it enables autonomous account actions with weak approval and credential-handling guidance.

Install only if you are comfortable letting an agent register with PredictMe, store a bearer API key, and place autonomous TEST/BONUS bets. Before use, require explicit approval for bets, store the API key in a proper secret store or locked-down file, avoid sharing a wallet address unless needed, and treat any recommendation to deposit real USDC as a separate human decision.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The skill states that `requireApproval` should cause the agent to wait for owner confirmation before each bet, but the sample trading loop places bets automatically without enforcing that control. This can lead to unauthorized trades and loss of user funds or balance because the documented safety gate is not actually implemented.
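The gate this finding says is missing, as an added example that is not code from the PredictMe skill: a single bet-placement function that actually consults `requireApproval` and binds the owner's approval to the exact bet. The client shape, the `approve(summary)` callback, the `allowedCurrencies` key and the sample signals are assumptions for illustration; only `requireApproval` and the TEST/BONUS restriction come from the page.

```javascript
// Added example (not the PredictMe skill's own code). Assumed names:
// makeFakeClient, betSummary, gatedPlaceBet, approve(), allowedCurrencies.

// Constructed stand-in for the PredictMe API client; it records what would
// have been sent so the gate can be exercised offline.
function makeFakeClient() {
  const submitted = [];
  return {
    submitted,
    placeBet(bet) {
      submitted.push(bet);
      return { ok: true, id: submitted.length };
    },
  };
}

// Stable text the owner sees and approves. Binding the approval to market,
// side, amount and currency stops an agent from collecting one "yes" and
// reusing it for a different or larger bet.
function betSummary(bet) {
  return `${bet.market}|${bet.side}|${bet.amount}|${bet.currency}`;
}

// The only function in the loop allowed to call client.placeBet().
// approve(summary) is an owner-facing channel (chat prompt, CLI, UI) that
// returns exactly true for a deliberate approval; anything else is a refusal.
function gatedPlaceBet(client, config, bet, approve) {
  // Default-deny on currency: the overview limits the agent to TEST/BONUS
  // balances, and real-USDC bets are a separate human decision.
  const allowed = config.allowedCurrencies || ['TEST', 'BONUS'];
  if (!allowed.includes(bet.currency)) {
    return { ok: false, reason: `currency ${bet.currency} not allowed` };
  }
  if (config.requireApproval) {
    if (typeof approve !== 'function') {
      throw new Error('requireApproval is set but no approval channel exists');
    }
    const summary = betSummary(bet);
    if (approve(summary) !== true) {
      return { ok: false, reason: `owner declined: ${summary}` };
    }
  }
  return client.placeBet(bet);
}

// The weak pattern from the finding: requireApproval is read into config but
// the loop never consults it, so every signal becomes a submitted bet.
function ungatedPlaceBet(client, config, bet) {
  return client.placeBet(bet);
}

// Demo: the same two signals through both paths, with an owner who only
// approves the first. Returns counts so the behaviour can be checked.
function demo() {
  const config = { requireApproval: true };
  const signals = [ // constructed sample signals
    { market: 'BTC>70k-by-friday', side: 'YES', amount: 5, currency: 'TEST' },
    { market: 'ETH>4k-by-friday', side: 'NO', amount: 50, currency: 'TEST' },
  ];
  const approved = new Set([betSummary(signals[0])]);
  const owner = (summary) => approved.has(summary);

  const gated = makeFakeClient();
  const ungated = makeFakeClient();
  const results = signals.map((s) => gatedPlaceBet(gated, config, s, owner));
  signals.forEach((s) => ungatedPlaceBet(ungated, config, s));
  return {
    gatedSubmitted: gated.submitted.length,        // 1
    ungatedSubmitted: ungated.submitted.length,    // 2
    declined: results.filter((r) => !r.ok).length, // 1
  };
}

console.log(demo());
```

The point of `betSummary` is that the approval is a decision about one concrete wager, not a session-wide "go ahead"; an agent that is confused or prompt-injected after the owner said yes cannot reuse that answer for a different market or amount.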

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The code comments require nonce persistence across sessions, but the example loop only initializes from an undefined helper and increments an in-memory variable after successful bets. After restart or crash, the agent may reuse or desynchronize nonces, causing rejected bets, unreliable recovery behavior, or accidental repeated submission logic.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The manifest explicitly promotes autonomous real-time trading but does not define clear activation boundaries, approval gates, or mandatory stop conditions. In a betting context, this can lead an agent framework to execute wagers continuously or unexpectedly, increasing financial-loss risk and making unsafe autonomous behavior more likely.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill handles sensitive registration data and bearer API keys, and enables gambling-like trading, yet it lacks clear user-facing warnings about privacy, credential sensitivity, one-time key disclosure, financial risk, and admin review. This omission increases the chance that users or agent frameworks mishandle credentials or engage in risky betting without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill instructs the agent to store API credentials in a local JSON file but does not prominently warn that these are sensitive secrets requiring strict file permissions and secure storage. This increases the risk of credential exposure through backups, logs, repository commits, shared workspaces, or other local users/processes.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill later explains that commentary is broadcast publicly, but this is not surfaced clearly as an upfront warning near the required commentary behavior. Users may unknowingly disclose strategy details, personal information, or other sensitive text that becomes visible to spectators and leaderboard systems.

VirusTotal

0/64 vendors flagged this skill; all 64 reported it clean. A VirusTotal result reflects malware signature and heuristic detection only; it says nothing about the approval, nonce-handling and credential-storage findings above, which are design and handling issues rather than malicious code.

View on VirusTotal