Back to skill

Security audit

Openclaw Skill Publish

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed prob.trade/Polymarket analytics and trading skill, but it needs review because it can place or cancel live orders without built-in confirmation safeguards.

Install only if you intentionally want an OpenClaw agent to access a prob.trade/Polymarket account. Verify the publisher and name mismatch, use revocable or least-privilege API keys if available, protect the config file, and require human review before every order or cancellation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly requires environment/config secrets, reads local configuration files, and performs network operations, yet it does not declare explicit permissions. This weakens the trust boundary for agents and users because the skill can access sensitive API credentials and contact external services without a clear permission contract.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The README encourages broad natural-language activation for a skill that includes financial trading functions. In an agent setting, vague prompts like 'buy' or 'cancel all my open orders' can be interpreted and executed without a narrowly scoped confirmation flow, increasing the risk of unintended trades or order cancellations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README describes buying, selling, and canceling orders but does not prominently warn that these actions can create immediate financial loss or irreversible market exposure. In an autonomous or semi-autonomous agent context, omission of explicit safety language makes unsafe execution more likely, especially for natural-language requests.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documented commands allow placing and cancelling live orders, but the skill does not prominently warn that these actions can execute real-money market transactions. In an agent setting, that omission raises the risk of accidental financial loss or unintended cancellation of legitimate orders if a user or downstream system invokes the commands without realizing they are live-trading operations.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill exposes live trading actions that can place and cancel real orders immediately, but the code provides no explicit warning, dry-run mode, confirmation prompt, or policy gate before executing those operations. In an agent-skill context, this is more dangerous than a normal CLI utility because an upstream agent or user may invoke `order` or `cancel` based on ambiguous natural-language intent, causing unintended financial transactions and real monetary loss.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.