Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears coherent and non-malicious, but it can place or cancel real Polymarket trades using API credentials without a built-in confirmation or spending limit.

Install only if you intend to let your agent access prob.trade/Polymarket account data and execute trades. Use revocable or least-privilege API keys if available, keep the config file private, require explicit confirmation outside the skill for every buy/sell/cancel action, and avoid enabling credentials in unattended or broad automation workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 93% confidence
Finding
The README explicitly enables real-money trading and order cancellation through both slash commands and natural-language prompts, but it does not present a prominent warning, confirmation requirement, or clear statement that these actions can execute live financial trades. In an agent setting, ambiguous natural-language requests increase the chance of unintended purchases, sales, or cancellations, which can directly cause monetary loss.

Missing User Warnings

Medium, 97% confidence
Finding
The documented trading commands can place and cancel live market orders, but the warning language is understated and does not clearly tell users that these are real-money or position-affecting actions. In an agent setting, this increases the chance of accidental execution, unintended trades, or cancellations based on ambiguous prompts or automation mistakes.

VirusTotal

64/64 vendors flagged this skill as clean.
