ClawHub

Polymarket Fast Scaler

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a clearly disclosed Polymarket trading skill, but it should be reviewed carefully because it recommends persistent live trading with real funds.

Install only if you understand the trading and wallet risk. Run paper mode first, keep position and daily budget caps low, avoid enabling the live cron until you have monitored results, and know how to stop the cron job and revoke or rotate the Simmer API key or wallet credentials.

SkillSpector (2)

By NVIDIA

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs users to install an SDK, set environment secrets, run a Python script, and enable live trading on a recurring schedule, which implies network, environment, and local execution capabilities. However, the skill declares no permissions or capability boundaries, so users and platforms cannot accurately assess or constrain what the skill may access. In a wallet-connected trading context, this mismatch is more dangerous because hidden or undocumented capabilities could expose API keys, modify local files, or place unintended trades.

Session Persistence

Medium
Category
Rogue Agent
Content
4. **Set up cron (every minute)**
   ```bash
   # crontab -e
   * * * * * cd /path/to/skill && python fast_scaler.py --live --quiet
   ```
Confidence
82% confidence
Finding
crontab -e

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal