ClawHub

Moltmarkets Trader

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-built for MoltMarkets trading, but it gives an agent live account authority to create markets, place bets, and resolve markets without strong built-in confirmations or limits.

Review before installing, especially on any funded MoltMarkets account. This does not look like a deceptive or malicious bundle, but it can use a local API key to perform live trades, create markets, and resolve markets; require human approval outside the skill, use a least-privilege or test token, and avoid create-market-with-odds.sh until its argument handling and live-action confirmation are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger text says the skill activates on essentially any MoltMarkets trading activity, prediction market analysis, or forecasting task. Such broad activation increases the chance of unintended invocation in contexts where the user wanted discussion or analysis only, but the skill is capable of calling scripts that can place bets or resolve markets.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The markdown explicitly references reading an API key from a local secrets file, but does not warn users that the skill accesses credentials or uses them to authenticate outbound requests. This reduces informed consent and increases the chance that operators unknowingly grant a skill access to a live funded trading account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section documents commands that can place bets, create markets, and resolve markets, but omits strong warnings that these are irreversible or financially consequential actions. In context, the skill operates on a live trading platform, so missing guardrails materially increases the risk of accidental loss, wrongful resolution, or unauthorized account activity.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This document provides concrete, step-by-step betting guidance, bankroll sizing rules, thresholds, and worked examples that directly enable real-money or real-value trading behavior, but it does not include any warning about financial risk, uncertainty, or that the content is not financial advice. In the context of an agent skill explicitly designed to trade prediction markets automatically or semi-automatically, this omission increases the chance that users or downstream agents will treat the guidance as authoritative and incur monetary losses.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs a real financial action immediately after market creation, creating a market and then placing a live bet with no explicit confirmation, dry-run mode, or strong warning. In an agent skill context, this increases the chance of unintended trades and monetary loss if the script is invoked with incorrect inputs or by automation the user did not realize would execute a bet.

Missing User Warnings

High
Confidence
97% confidence
Finding
This script performs a live, state-changing financial transaction immediately after receiving arguments, with no confirmation prompt, dry-run mode, or explicit safety interlock. In an agent skill context, that is dangerous because an LLM, automation chain, or mistaken user input could trigger irreversible bets and financial loss without meaningful user consent at execution time.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The script silently accesses a local API credential and then uses it to authorize real-money actions, without any user-facing disclosure at runtime that sensitive credentials are being consumed. In an agent setting, hidden credential use increases the risk of users unknowingly granting the skill authority to trade on their behalf.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The script silently contacts third-party services via curl, which creates an external network side effect that users may not expect from a local helper. In an agent-skill context, undisclosed outbound requests can leak operational metadata such as IP address, timing, and usage patterns, and may violate user expectations or network policy even though no sensitive local data is transmitted here.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal