PolyClaw Pro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Polymarket trading skill, but it gives an agent live wallet authority and includes under-scoped automation and incomplete delegated trading code that users should review carefully.

Install only with a fresh low-balance wallet. Do not enable cron automation or the SSH/API bridge until you have reviewed and, if needed, corrected the hard-coded wallet/funder address and supplied missing modules. Treat buy, sell, approve, redeem, and swap commands as live financial actions that can spend gas, move assets, or liquidate positions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill documents and encourages use of sensitive capabilities including environment-variable secrets, file read/write, network access, and shell execution, yet declares no explicit permissions. In a trading skill that handles a private key and supports automated transactions, this mismatch reduces transparency and undermines any permission-gating or review process, increasing the risk of unintended secret exposure or unauthorized actions.

Missing User Warnings

Medium
Confidence: 88%
Finding: The script is explicitly designed to run from cron and will automatically submit approval and redemption transactions whenever its heuristics say a position is redeemable. While this appears operational rather than malicious, it removes human review for irreversible on-chain actions, so bad API data, logic errors, or unexpected contract behavior could trigger unwanted transactions and token approvals.

Missing User Warnings

Medium
Confidence: 77%
Finding: This API bridge exposes a swap command that delegates directly to swap.py and supports an 'auto' mode described as swapping all non-USDC.e assets. In an SSH-invoked bot integration context, this creates a meaningful risk of unintended or destructive asset conversion if called accidentally, by a compromised upstream bot, or without sufficient confirmation controls.

VirusTotal

64/64 vendors flagged this skill as clean.