Prediction Market Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Kalshi trading toolkit, but it can use real account credentials to place or cancel live orders without enough built-in safeguards.

Install only if you intend to connect a real Kalshi account. Treat the private key as highly sensitive, avoid autonomous trading, require human approval before any order or cancellation, and do not rely on the documented dry-run workflow unless the missing trading script is supplied and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill advertises use of environment variables for credentials and network access to external services, but does not declare corresponding permissions. This creates an authorization transparency gap: a user or platform may invoke the skill without realizing it can read sensitive secrets and make outbound API calls, which is especially risky in a real-money trading context.

Missing User Warnings

High
Confidence: 93%
Finding:
The skill documents live order placement for a real-money market without prominent warnings, confirmation requirements, or emphasis on irreversibility and financial risk. In context, this makes accidental or ill-informed trade execution more dangerous because users may treat the skill like a harmless analysis tool when it can initiate actual positions.

Missing User Warnings

High
Confidence: 82%
Finding:
The module exposes direct order placement and cancellation functions that can execute real trading actions immediately with no built-in confirmation, simulation mode, permission gating, or guardrails on parameters. In an agent or automation context, this materially increases the risk of unintended trades, rapid losses, or abuse if upstream prompts, integrations, or inputs are manipulated.

VirusTotal

64/64 vendors flagged this skill as clean.
