Polymarket Weather Bands

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed autonomous Polymarket trading helper, but it asks for a raw wallet private key and directs automatic approvals and trades without transaction-level confirmation.

Install only if you are comfortable with an agent handling a raw wallet private key and taking real trading actions. Use a fresh, minimally funded wallet, require manual confirmation for each allowance and trade, verify spender and allowance amount, revoke allowances afterward, and review the external AION/Polymarket tooling before funding the wallet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High (97% confidence)
Finding
The skill explicitly authorizes automatic approvals and trade execution with a wallet private key, yet provides no prominent warning that these are irreversible financial and on-chain actions. In this context, an agent could spend funds, set token allowances, and place trades without an explicit transaction-level user opt-in, which materially increases the risk of unintended loss.

Missing User Warnings

Medium (92% confidence)
Finding
The skill asks for highly sensitive secrets, including a wallet private key, and describes deriving additional credentials from them without any privacy, storage, or handling warning. That omission is dangerous because users may be induced to disclose raw signing keys to an agent workflow without understanding the exposure and downstream credential propagation.

Missing User Warnings

High (96% confidence)
Finding
The instruction not to ask for additional confirmation directly suppresses a safety control in a workflow that performs approvals and live trades. Removing confirmation for destructive financial actions makes accidental, mis-targeted, or manipulated execution far more likely, especially when market selection and order parameters are also automated.

Natural-Language Policy Violations

Medium (94% confidence)
Finding
The skill description promotes autonomous execution 'without repeatedly asking for confirmation' for a live trading workflow, but does not require explicit prior opt-in for autonomous financial operations. In the context of private-key-based trading and token approval, this creates a genuine risk of unauthorized or unexpected transactions and losses.

VirusTotal

66/66 vendors flagged this skill as clean.
