Polymarket NegRisk Arbitrage

Security checks across malware telemetry and agentic risk

Overview

This skill matches its trading purpose, but it deserves Review because it can place scheduled real-money trades quietly using a Simmer API key.

Only install this if you intend to let an agent trade with real funds through Simmer/Polymarket. Start in dry-run mode, use a narrowly scoped or low-balance API key, verify daily spend caps, disable or review the scheduled `--live --quiet` automation before enabling it, and monitor the ledger and fills, because batch execution can partially fail or move against the expected arbitrage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91%
Finding
The skill describes capabilities that require environment access, file I/O, and network access, but it does not declare permissions. This creates a transparency and governance gap: users or platforms may approve the skill without realizing it can read secrets, write local state, and place network-backed trades, which is especially risky in a financial automation context.

Description-Behavior Mismatch

Medium
Confidence
91%
Finding
The skill markets itself as operating on Polymarket markets, but live execution is delegated to Simmer's external batch-trade API. That mismatch can mislead operators about where orders are actually routed, what trust boundary applies, and which platform receives trading intent and credentials.

Missing User Warnings

Medium
Confidence
94%
Finding
The skill provides commands for live trading and unattended cron-based execution without a prominent, explicit warning that these actions can execute real-money trades. In a financial trading skill, this omission is more dangerous because a user may enable automation or run `--live` without understanding the capital-loss, API-key, and execution-risk consequences.

Missing User Warnings

Medium
Confidence
92%
Finding
The manifest enables unattended execution with a live-trading entrypoint (`--live --quiet`) on a schedule, but provides no explicit user-facing warning that the skill can autonomously place real financial trades. In a trading skill, this materially increases risk because users may deploy it assuming simulation behavior while the tunables also allow switching to a real venue, creating potential for unreviewed financial loss.

Missing User Warnings

Medium
Confidence
84%
Finding
The manifest declares use of a sensitive credential (`SIMMER_API_KEY`) without any accompanying disclosure of what the credential authorizes, how it is used, or what actions the skill may perform with it. In the context of an automated trading bot, lack of credential-use transparency is dangerous because the same credential may enable market access or account actions that users do not fully understand.

Missing User Warnings

Medium
Confidence
95%
Finding
When the operator supplies `--live`, the program proceeds to place real batch trades without a final interactive confirmation or preview gate. In a trading skill, this increases the chance of accidental order placement, misconfiguration-driven losses, or execution against misunderstood venues.

VirusTotal

64/64 vendors flagged this skill as clean.
