Polymarket Cryptos Hunter

Security checks across malware telemetry and agentic risk

Overview

This skill appears to run an automated live trading bot in the background with real-money authority and insufficient user controls, so it needs review before installation.

Install only if you intentionally want an autonomous live-money trading bot and have reviewed the code, wallet setup, risk limits, and stop procedure. Prefer paper trading or dry-run mode first; do not load private keys or funded wallets unless you can monitor and stop the process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill explicitly directs the agent to run a live trading bot that uses network access and likely environment-based secrets, yet it declares no permissions. This creates a dangerous mismatch between the skill's documented behavior and its security model, making it easier for an agent or reviewer to approve execution without understanding that the skill can access external services and potentially sensitive credentials.

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding:
The bot claims to rely on live fills and on-chain truth, but its settlement logic uses the same spot price for both the final price and strike, so `up_wins = final >= strike` is always true. In a live trading bot, this can systematically misprice PnL, bias strategy behavior, and hide losses while making real-money decisions with a private key.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The code places and cancels live Polymarket orders automatically as soon as `start` is invoked, with no interactive confirmation, dry-run default, trading guardrail, or explicit acknowledgment that real funds will be used. In the context of an agent skill, this is especially dangerous because users may execute it expecting analysis or simulation while it can immediately trade with a loaded wallet private key.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
```bash
# Navigate to the skill folder and start the live trading bot in the background
cd polymarket-cryptos-hunter && nohup .venv/bin/python main.py start > bot_log.txt 2>&1 &
```
Confidence: 97%
Finding: nohup

VirusTotal

67/67 vendors flagged this skill as clean.
