polymarket-minimal-buy-python

Security checks across malware telemetry and agentic risk

Overview

This is a real Polymarket trading helper, but it asks for a raw wallet private key and can place trades, update allowances, and cancel orders without built-in safety prompts.

Install only if you intentionally want an agent-accessible Polymarket trading client. Use a dedicated low-balance wallet, keep private.env out of git and synced folders, restrict file permissions, review and pin dependencies, and manually verify every trade, allowance update, and cancellation before running commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (6)

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill explicitly instructs the user to place a blockchain wallet private key into a local plaintext file (`private.env`) and references exporting it from MetaMask or another wallet, but provides no meaningful warning about key-handling risk, file permissions, accidental commits, shell history, or host compromise. Because this key enables direct control of funds and authenticated trading, poor storage guidance materially increases the chance of credential theft and irreversible asset loss.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The usage section documents live market buys, sells, cancellations, and order-management commands without a prominent warning that these are authenticated actions against real funds and positions. In a trading context, users may run example commands assuming they are demonstrative or harmless, which can lead to unintended trades, cancellations, and financial loss.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The document describes methods for placing market and limit orders and cancelling orders, but provides no warning that these actions can cause real financial loss or destructive account changes when wired into an agent skill. In an agent context, exposing direct trading and cancellation primitives without confirmation, simulation, or scope limits increases the risk of unintended or unauthorized trades.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The auth flow instructs reading a private key from `private.env` and using it directly for wallet and API authentication, but does not warn that this is a highly sensitive credential that can fully control funds and trading permissions. In an agent skill, normalizing direct private-key handling without security guidance increases the chance of credential leakage, misuse, or unsafe storage.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The code automatically calls update_balance_allowance() when no allowance is present, which performs a state-changing on-chain authorization without any explicit user confirmation. In a trading skill context, silently granting token allowances is dangerous because it expands what the trading client or related contracts can spend and can create irreversible financial exposure if the user runs the command unintentionally or against a misconfigured host/funder.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The market_buy, market_sell, limit_buy, and limit_sell paths execute real trades immediately once invoked, with no confirmation, dry-run, or safety interlock. Because this script is a CLI that loads a live private key and submits orders to a production trading endpoint, a typo, automation mistake, or deceptive wrapper invocation can directly cause unintended financial loss.

VirusTotal

45/45 vendors flagged this skill as clean.
