Polymarket Mean Reversion Pro

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading automation skill with unclear safety boundaries and fixed external notification/queue destinations.

Review before installing. Use only an isolated, low-balance wallet, replace or remove the hardcoded Telegram and SQS destinations, and do not run live mode until the dry-run behavior, technical-indicator bug, and per-trade approval controls are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The technical confirmation logic appears broken because history entries are stored as dicts like `{"p": ..., "ts": ...}`, but the code reads them with `for _, p in sorted(history)`, which is incompatible with that structure. This can cause runtime failures or disable intended safeguards, making the bot trade without the advertised confirmation checks and undermining safety controls in an automated trading system.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The usage text claims `--dry-run` shows signals with no execution, but `run_once` still sends Telegram alerts and pushes messages to SQS even in dry-run mode. That contradiction is dangerous because operators may rely on dry-run to avoid side effects, yet the script still transmits trading signals to external systems that may trigger downstream actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly describes an automated execution pipeline tied to a wallet and private key, but does not provide a clear warning that running it may place live trades with real funds. In a trading context, omission of this warning is dangerous because users may assume it is informational or alert-only tooling and unintentionally authorize financial transactions and losses.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill advertises Telegram alerts and AWS SQS integration without disclosing that market activity, signal metadata, and potentially account- or strategy-related information may be sent to third-party services. This creates a privacy and operational security risk because users may unknowingly expose trading behavior, wallet-linked context, or sensitive automation data outside their local environment.

Missing User Warnings

High
Confidence
98% confidence
Finding
In non-dry-run mode, the script automatically executes trades as soon as signals are generated, with no interactive confirmation, approval gate, or explicit safety interlock at the point of execution. For an agent skill, this materially increases the chance of unintended financial loss from bad data, logic bugs, compromised inputs, or operator misunderstanding.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The code transmits generated signals to Telegram and SQS even during dry-run, but does not clearly mark or isolate those outputs as non-live. In this context, external consumers such as `arb_poller` may treat these messages as actionable, so a supposedly safe test run can still trigger downstream trading or leak operational intelligence.

VirusTotal

66/66 vendors flagged this skill as clean.
