Aionmarket Trading

Security checks across malware telemetry and agentic risk

Overview

This trading skill is coherent, but it needs Review because it can use wallet keys to approve spending, place trades, and collect platform fees automatically.

Install only if you are comfortable giving an agent authority over a dedicated low-balance trading wallet. Before use, require manual review of every trade, token approval, spender/delegate, fee recipient, fee amount, and allowance scope; avoid broad or persistent approvals, pin and verify the external SDK packages, and do not log derived API credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to charge user wallets to platform-controlled addresses after trades, including preparing approvals/delegates that enable those transfers. That goes beyond ordinary trade execution and introduces a direct wallet-to-platform value transfer path that could be abused for unauthorized or excessive fee extraction.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill normalizes wallet-affecting actions such as approvals, allowance changes, and fee charging without a strong warning that these are separate value-bearing transactions. In a trading-wallet context, silent automation of approvals and post-trade charges materially increases the risk of users unknowingly granting broad spending authority.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The example prints sensitive credential material, including the CLOB API key, which encourages disclosure into logs, notebooks, shell history, or monitoring systems. Even if shown for debugging, exposing derived trading credentials can enable unauthorized order activity or account misuse.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
3. **Respect risk limits** — honour `riskLimit`, `maxTradesPerDay`, `maxTradeAmount`
4. **Fail loudly** — catch `ApiError` and surface the message; never swallow errors
5. **Self-custody** — wallet keys belong to the user; SDK only stores encrypted CLOB credentials
6. **Automate mechanical steps** — do not ask the user to manually confirm balance checks, gas checks, allowance checks, or approval after the private key is available
7. **Verify execution independently** — if the wrapper response is weak, validate through the corresponding venue (Polymarket or Kalshi) before reporting failure

---
Confidence
92% confidence
Finding
do not ask the user

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- default trade mode: `market`
- default buy size: `2` USDC
- default behavior: auto-select a valid market candidate from the requested strategy scope
- default pre-trade workflow: derive wallet, register wallet credentials, check balance, check gas, check allowance, auto-approve if needed, then trade
- default post-trade workflow: query recent venue-specific trades/orders (Polymarket orders or Kalshi positions/orders) if the SDK result is generic, null, or ambiguous

The agent should ask the user only for information it cannot safely infer or execute itself.
Confidence
95% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Cancel stale open orders promptly
- Rotate API keys every 90 days
- Prefer market orders for simple one-shot execution unless the user explicitly requests a limit order
- Auto-approve required spenders when allowance is missing and gas is sufficient

### AVOID
Confidence
90% confidence
Finding
Auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
1. User's Safe wallet must have **AllowanceModule** enabled
2. Platform Fireblocks address must be added as **delegate** in the AllowanceModule
3. Sufficient **pUSD token allowance** must be configured on the module
4. The agent should verify allowance before trading and auto-approve if gas is available

**Kalshi (USDC on Solana):**
Confidence
96% confidence
Finding
auto-approve

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- [ ] `get_me()` returns valid agent info
- [ ] Polymarket CLOB credentials derived from private key and registered via `register_wallet_credentials()`
- [ ] automatic balance, gas/fees, and allowance checks are part of the trading flow
- [ ] missing allowance is auto-approved when technically possible
- [ ] Risk limits configured via `update_settings()`
- [ ] Heartbeat loop (`get_briefing()`) running or planned
- [ ] Error handling wraps every SDK call with `ApiError`
Confidence
89% confidence
Finding
auto-approve

VirusTotal

60/60 vendors flagged this skill as clean.
