ClawHub

Polymarket Cryptos Maker 5m

Security checks across malware telemetry and agentic risk

Overview

This is a real-money trading bot whose main purpose is disclosed, but it encourages unattended background trading with weak user controls and an overclaimed stop-loss.

Only install or run this if you intentionally want an autonomous Polymarket trading process. Use a dedicated low-balance wallet, keep LIVE_TRADING unset unless you are deliberately testing live orders, inspect and pin dependencies, define your own maximum runtime and exposure limits, and know how to find and stop the background node process before starting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The skill advertises an automated stop-loss, but the implementation does not monitor real account equity or open exposure on Polymarket. In a live trading context, this can create a false sense of protection and allow losses to exceed the claimed 8% threshold because the halt logic is based only on locally computed synthetic PnL.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The stop-loss logic is derived from a hardcoded INITIAL_BALANCE and locally accumulated PnL rather than the user's actual account state. Because the skill is for continuous live market making, this mismatch can materially misstate risk and fail to stop trading when real losses breach limits.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to start an indefinite automated trading loop and emphasizes that it does not need to be re-invoked because it will keep running in the background. In a financial trading context, unattended execution can continue placing orders and accumulating losses without fresh user confirmation, and the cited stop-loss does not eliminate operational, market, or configuration risk.

Missing User Warnings

High
Confidence
90% confidence
Finding
When LIVE_TRADING is enabled, the code immediately creates and posts real sell orders, then later cancels them, without any runtime confirmation, dry-run guard, or explicit acknowledgment of financial risk. In an agent skill context, this increases the chance of unintended real-money trading from a misconfiguration or accidental invocation.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Execute continuously on ALL markets (BTC, ETH, SOL, XRP) with 10 shares per market
nohup node polymarket-maker/index.mjs trade --asset ALL --shares 10 > bot_log.json 2>&1 &

# Or execute continuously on a single specific market
nohup node polymarket-maker/index.mjs trade --asset BTC --shares 10 > bot_log.json 2>&1 &
Confidence
96% confidence
Finding
nohup

Session Persistence

Medium
Category
Rogue Agent
Content
nohup node polymarket-maker/index.mjs trade --asset ALL --shares 10 > bot_log.json 2>&1 &

# Or execute continuously on a single specific market
nohup node polymarket-maker/index.mjs trade --asset BTC --shares 10 > bot_log.json 2>&1 &
```
Confidence
96% confidence
Finding
nohup

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal