ClawHub

Polymarket Fast Loop

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading bot, but it can run unattended real-money trades with wallet credentials and lacks sufficiently scoped live-trading controls.

Install only if you intentionally want automated real-money Polymarket fast-market trading. Use a dedicated low-balance wallet, run dry-run first, avoid unattended live cron until you understand the loss risk, verify the Simmer SDK and publisher context, and set strict per-trade and daily budget limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill explicitly instructs users to set sensitive environment variables including `SIMMER_API_KEY` and `WALLET_PRIVATE_KEY`, and it performs networked live trading plus configuration writes, yet it declares no permissions. This creates a transparency and containment gap: an agent or platform may invoke a capability-rich skill without clear permission boundaries, increasing the risk of unauthorized fund movement or secret exposure in a trading context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The top-level description says to use the skill whenever the user wants to trade sprint/fast markets, automate short-term crypto trading, or use CEX momentum as a signal, which is broad enough to match many generic trading requests. Because this skill can execute real-money trades on Polymarket, overly broad invocation criteria can cause an agent to select and run it in situations where the user did not explicitly authorize this specific strategy or live trading behavior.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The 'When to Use This Skill' section lists broad triggers like automating short-term crypto prediction trading and trading any supported asset, without meaningful exclusions or safety boundaries. In context, this is more dangerous because the skill is tied to real USDC, uses wallet private keys, and includes cron/heartbeat automation, so ambiguous activation can lead directly to repeated unintended trades.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest enables a managed automated trading entrypoint without any explicit trigger restrictions, approval gates, or invocation constraints. In a fast-market trading skill, unrestricted automation increases the chance of unintended execution, repeated trades, or activation in contexts the user did not clearly authorize, which can directly cause financial loss.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script will place real trades whenever invoked with --live and a valid API key, without any interactive confirmation, approval callback, or secondary safeguard. In an agent setting, this raises the risk of unintended financial actions from prompt mistakes, automation bugs, or unsafe tool chaining.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal