Polymarket Candle Momentum

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading bot, but it can repeatedly place real-money trades in live cron mode without strong spending controls or confirmation.

Review carefully before installing. Use dry-run first, treat the advertised win rate as unverified, use a limited-purpose API key and small account balance if possible, avoid enabling the live cron loop until you add or accept cumulative spending and loss limits, and verify open positions directly in Simmer/Polymarket rather than relying only on this script's --positions output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The security notes state that no host files are read and configuration is handled only via environment variables, yet the documented `--set KEY=VALUE` command implies persistent configuration changes somewhere on disk. This inconsistency is security-relevant because users may trust the skill not to write or read local state when it likely does, which can hide configuration poisoning, unintended persistence, or storage of sensitive parameters.

Intent-Code Divergence

Medium
Confidence: 84%
Finding
Trades are tagged with source 'sdk:polymarket-candle-momentum', but position lookup uses source='candle-momentum'. That inconsistency can hide the strategy's own open positions from its status view, impairing operator oversight and potentially leading to repeated or unmanaged exposure if a user assumes there are no active positions.

Missing User Warnings

Medium
Confidence: 92%
Finding
When run with --live, the script can place real trades immediately with no interactive confirmation, no final dry-run summary, and no strong execution-time warning. In a trading skill, this materially increases the chance of accidental financial loss from operator error, misconfiguration, or unsafe automation triggering unintended orders.

VirusTotal

65/65 vendors flagged this skill as clean.
