Wangbo Polymarket Copytrading

Security checks across malware telemetry and agentic risk

Overview

This skill is a real Polymarket copy-trading tool that can place unattended live orders with limited built-in safeguards.

Install only if you intend to review and operate a real financial automation tool. Use the scan script and dry-run mode first, verify the active Polymarket account and config, and do not run `auto_copytrade.py --execute` without external spending limits, duplicate-order controls, monitoring, and a clear way to stop the loop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The script can place live market orders via `polymarket clob market-order` when `--execute` is supplied, which goes beyond passive analysis or workflow-building and turns the skill into a trading executor. In the context of an agent skill, this is dangerous because user-provided or loosely reviewed configuration can trigger irreversible financial actions, increasing the risk of unauthorized trades, loss of funds, and misuse of connected credentials.

Vague Triggers

Medium
Confidence: 80%
Finding
The invocation text is broad enough to match ordinary finance conversations such as asking about top traders or copy-trading ideas, which can cause the skill to activate in contexts where the user did not intend automated trading assistance. In this skill, over-triggering is more dangerous because the workflow progresses from analysis toward executable trade plans and execution handoff.

Missing User Warnings

High
Confidence: 96%
Finding
The documentation includes a live execution mode using an `--execute` flag in an automated loop, but it does not prominently warn that this can place real orders and cause financial loss. In a trading skill, that omission is especially dangerous because users may treat examples as routine operational guidance and enable unattended live trading without understanding the real-money consequences.

VirusTotal

66/66 vendors flagged this skill as clean.
