ClawHub

Aion Test Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is clearly for Polymarket trading, but it asks for highly sensitive wallet and API credentials and can submit real trades, so users should review it carefully before installing.

Install only if you intentionally want an agent to help with Polymarket trades through Aionmarket. Prefer simulation or pre-signed EIP712 orders, avoid providing a wallet private key unless the wallet holds only funds you are willing to risk, and require explicit confirmation for every live order.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation references sensitive environment variables such as `AION_API_KEY` and `WALLET_PRIVATE_KEY`, but the skill does not declare corresponding permissions. That creates a transparency and consent gap: an installer or orchestrator may not realize the skill expects secret access, increasing the chance of over-privileged deployment and unintended credential exposure in an automated agent environment.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description is broad enough that an agent may invoke this skill in generic 'trading' or 'market analysis' situations without clear user intent to trade on Polymarket. In this context, over-broad triggering is more dangerous than usual because the skill can progress from analysis to real-money order execution when run in live mode, creating financial loss or unauthorized trading risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The manifest requests a highly sensitive secret, WALLET_PRIVATE_KEY, but does not include a clear user-facing warning about the risk of providing a raw private key. In a trading skill that can execute blockchain transactions, this increases the chance that users will supply long-lived signing credentials without understanding that compromise of the skill, runtime, logs, or dependencies could lead to direct theft of funds.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal