
Security audit

Polymarket Ai Divergence

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Polymarket trading skill, but users should review it carefully because it can place real-money trades and its documented spending limits do not fully match the managed configuration.

Install only if you understand that --live can place real trades and lose funds. Use dry-run first, check the runtime config before live use, set explicit low limits with the actual env var names used by the code, and use a dedicated wallet with limited funds rather than a wallet holding unrelated assets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 93%
Finding
The quick commands include a live-trading mode that executes real-money trades, but the documentation does not present a clear, prominent risk warning at the point of use. In a financial trading skill, that omission is dangerous because users may invoke --live without fully appreciating that it can place irreversible orders against real funds.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill asks the user to provide and store a wallet private key, which is an extremely sensitive secret that enables direct control over trading funds. Without a prominent warning and secure-handling guidance, users may expose the key through unsafe storage, logs, shell history, or overly broad agent access, leading to wallet compromise and fund loss.

Vague Triggers

Medium
Confidence: 87%
Finding
The manifest enables an automated trading entrypoint with tunable risk parameters, but it does not document invocation constraints, approval requirements, or trigger guardrails. In a trading skill, unclear execution scope increases the chance of unintended autonomous order placement, especially if the host platform can invoke the skill without explicit per-run user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.
