Auto Trading Winner

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed trading automation, but it can run on a schedule and place unattended live trades when configured, so users should review it carefully before installing.

Install only if you intentionally want scheduled trading automation. Keep it in dry-run/manual mode until you understand the strategy, disable or closely control the 30-minute automaton if you do not want recurring runs, use limited-scope credentials with limited funds, and set external account-level risk limits before enabling live or auto mode.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation declares use of sensitive environment variables such as API keys and private keys, but the file does not declare corresponding permissions. That mismatch weakens auditability and consent, because operators may install or run a trading skill without a clear machine-readable indication that it can access secrets needed for live execution.

Description-Behavior Mismatch

Medium
Confidence
76% confidence
Finding
The skill performs client.auto_redeem() automatically before user selection or trading, but this behavior is not disclosed in the skill description. In a trading context, undisclosed state-changing actions can surprise operators, alter positions or balances, and cause unintended live account effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Live trades can be executed without an interactive confirmation prompt when --live or SIMMER_ENABLE_LIVE is set, and auto mode for real-money venues can be enabled via AUTO_CONFIRM_LIVE=true. In a financial trading skill, allowing unattended execution materially increases the risk of accidental or unsafe live orders from misconfiguration, automation, or manipulated upstream market inputs.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- `MAX_SLIPPAGE_PCT`: Skip trades if estimated slippage exceeds this threshold. Default: `0.15`
- `SIMMER_ENABLE_LIVE`: Set to `true` to allow live order placement. Default: `false`
- `SELECT_CANDIDATE`: Optional 1-based index of the candidate to trade in non-interactive runs.
- `AUTO_CONFIRM_LIVE`: Optional explicit override required if you want `RUN_MODE=auto` together with live execution on `kalshi` or `polymarket`. Default: `false`

## Safety Model
Confidence
88% confidence
Finding
AUTO_CONFIRM

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Kalshi markets use Simmer's check-then-import indexing path before trading.
- `RUN_MODE=manual` is the default for all venues.
- `RUN_MODE=auto` makes the skill non-interactive and starts from the top-ranked candidate.
- Automatic live execution on `kalshi` and `polymarket` requires an explicit `AUTO_CONFIRM_LIVE=true` override.
- If the selected candidate fails, the skill tries later ranked candidates automatically.

## Local Usage
Confidence
91% confidence
Finding
AUTO_CONFIRM

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
"description": "Optional 1-based candidate index to trade in non-interactive runs."
    },
    {
      "name": "AUTO_CONFIRM_LIVE",
      "required": false,
      "description": "Explicit override for auto mode with live execution on kalshi or polymarket. Default: false."
    }
Confidence
93% confidence
Finding
AUTO_CONFIRM

VirusTotal

65/65 vendors flagged this skill as clean.
