Polymarket CLI

Security checks across malware telemetry and agentic risk

Overview

This Polymarket CLI skill appears related to its stated trading purpose, but it asks for broad financial memory/persistence and includes high-impact account commands without enough user-control guidance.

Install only if you are comfortable with a trading-focused skill retaining preferences or trading-related notes across sessions. Before use, require explicit confirmation for trades, API-key deletion, notification deletion, automation, and any persistent memory writes; do not allow it to read private keys or sensitive wallet/config files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs saving activation and usage preferences to persistent memory, which extends behavior beyond simple CLI interaction into cross-session profiling. This creates unnecessary retention of user behavioral data and can cause the skill to activate or influence future interactions in ways the user may not expect.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The setup text adds market-tracking and alerting behavior that is not clearly supported by the stated skill description of querying markets, placing trades, and managing positions through a CLI. Expanding capabilities in setup instructions increases the chance of unauthorized background monitoring or persistent engagement features the user did not knowingly enable.

Context-Inappropriate Capability

Medium
Confidence
79% confidence
Finding
Encouraging automation, scripting trades, and building bots broadens the operational scope from assisted CLI use into autonomous or semi-autonomous trading workflows. In a financial context, this can materially increase risk by enabling unattended actions, policy circumvention, or unsafe execution paths not bounded by the original skill scope.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill documents `polymarket clob delete-api-key` as a runnable command without any caution, confirmation guidance, or indication that it can revoke programmatic access and disrupt automation. In an agent context, a model may treat documented commands as approved actions and execute deletion during troubleshooting or cleanup, causing avoidable service disruption or lockout.

Missing User Warnings

Low
Confidence
78% confidence
Finding
The documented `polymarket clob delete-notifications` command removes account data but provides no warning that the action is destructive. While lower impact than key deletion, an agent could still execute it as a housekeeping step and unexpectedly erase user-visible history or state.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The instruction to activate whenever prediction markets 'come up' creates an overly broad trigger that can cause the skill to inject itself into loosely related conversations. Broad activation conditions increase the risk of unwanted tool use, unprompted persistence, and actions being taken outside clear user intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs storage of user preferences, interests, and trading-related information on disk without a clear privacy disclosure at the point of collection. Persisting financial interests and behavioral preferences without transparent notice increases privacy risk and may expose sensitive data if the host environment is shared or later compromised.

Ssd 3

Medium
Confidence
89% confidence
Finding
The template explicitly directs the agent to store internal observations about the user's behavior, preferences, and trading patterns in a persistent memory file. Even if intended to improve personalization, retaining conversation-derived behavioral profiles without clear minimization, consent boundaries, retention limits, or sensitivity rules can create privacy and profiling risks, especially in a financial/trading context.

VirusTotal

66/66 vendors flagged this skill as clean.
