Polymarket Nothing Ever Happens

Security checks across malware telemetry and agentic risk

Overview

This real-money trading skill mostly matches its purpose, but it also redeems positions automatically and handles wallet authority without clear enough user control or warnings.

Review before installing. Use only a dedicated low-balance wallet, avoid providing a primary wallet private key, test dry-run behavior first, and assume `--live` can place real trades and startup can redeem existing winning positions. The skill should make redemption explicit and add stronger private-key and real-money warnings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The script automatically calls auto_redeem() on startup, which performs an on-chain/account-affecting action not disclosed in the manifest description focused on scanning and buying NO positions. This is dangerous because users or orchestrators may grant permissions expecting only market discovery/trading, while the skill also mutates account state by redeeming positions without explicit consent or a dedicated flag.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation instructs users to place a wallet private key in an environment variable without a strong warning about the sensitivity of that key or safer alternatives. A Polymarket wallet private key grants control of funds and trading authority, so accidental exposure through shell history, logs, process inspection, misconfigured environments, or shared hosts could lead to account compromise and theft.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The quick-start commands prominently include `--live` execution for real trades, but the document does not place an equally prominent warning about real-money loss, irreversible order placement, or the need to validate configuration before going live. In trading automation, this omission increases the chance of user error, unintended execution, and financial loss, especially for beginner users.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Winning positions are redeemed automatically without a user-facing confirmation or even a startup notice in the main usage description. In an automated trading skill, undisclosed financial side effects reduce user control and can trigger unexpected account actions, especially when the skill is run in live or managed environments.

VirusTotal

66/66 vendors flagged this skill as clean.