ClawHub

Polyvision

Security checks across malware telemetry and agentic risk

Overview

PolyVision appears to be a legitimate Polymarket analysis skill, but it needs review because it says it is read-only while also offering tools that change a saved portfolio on PolyVision's service.

Install only if you are comfortable giving PolyVision an API key and letting it store or change your tracked-wallet list. It does not show evidence of placing trades or running local code, but users who need a strictly read-only analysis skill should wait for clearer documentation or avoid using the portfolio add/remove tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill documentation says PolyVision is 'read-only analysis' but later exposes portfolio add/remove operations that persist user state. This mismatch can mislead an agent or user into invoking state-changing actions under the assumption that the integration is non-mutating, weakening informed consent and safety controls.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documented 'read-only analysis' claim conflicts with later instructions for adding and removing wallets from a tracked portfolio. Contradictory capability descriptions are dangerous because policy engines, wrappers, or users may classify the skill as safe for autonomous use when it can actually modify persistent data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The portfolio-modifying operations are documented as ordinary tools without an explicit warning that they create or delete persisted tracked-wallet entries. In an agent setting, missing mutation warnings can lead to silent account changes, confusion, and unauthorized state modifications from ambiguous prompts.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal