Moltmarkets Trader
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for MoltMarkets trading, but it can use a local API key to mutate an account and includes an unsafe helper script that can execute injected Python from crafted arguments.
Only install this if you want an agent to help operate your MoltMarkets account. Before using it, fix or avoid the unsafe create-market-with-odds helper, require manual confirmation for every bet/create/resolve action, keep bet sizes small, and ensure the API key is scoped, revocable, and stored securely.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user passes an adversarial or externally influenced value to this helper, code could run locally with the user's permissions.
A user-controlled argument is interpolated directly into Python source before validation. A crafted value could break out of the string and execute local Python code.
`EST_PROB="$4" ... python3 -c "\np = float('$EST_PROB')\nassert 0.01 <= p <= 0.99 ..."`
Pass shell values to Python via argv or environment variables, validate numeric inputs before use, and avoid constructing Python code by string-interpolating command arguments.
The agent could spend the user's MoltMarkets balance, create markets, or resolve markets incorrectly if invoked too broadly or if its analysis is wrong.
The instructions provide decision rules and direct commands for account-mutating actions, including placing bets and resolving markets, without requiring a manual approval step.
**Only bet when edge > 15%.** ... `scripts/place-bet.sh <market_id> <YES|NO> <amount>` ... `scripts/resolve-market.sh <market_id> <YES|NO|INVALID>`
Require explicit user confirmation showing market ID, outcome, amount, and resolution evidence before any bet, market creation, seed bet, or resolution; add dry-run mode and enforce maximum bet limits in code.
Anyone running the scripts with access to that file can view account details and perform authorized MoltMarkets actions such as bets or market operations.
The skill uses a local API key file for authenticated account calls, while the registry metadata declares no primary credential or required config path.
**Auth**: `Authorization: Bearer $(cat ~/secrets/moltmarkets-api-key)`
Declare the credential/config requirement clearly, use a scoped and revocable API key if available, protect the key file permissions, and avoid running mutation commands without confirmation.
