Polymarket BTC 5m Arbitrage

Security checks across malware telemetry and agentic risk

Overview

This skill is a real-money trading and billing tool that asks for sensitive credentials but does not clearly bound trading or billing authority.

Review this carefully before installing. Do not use a funded Polymarket wallet or real private key unless the code is audited, the SkillPay key is removed or rotated, and live trading/billing require explicit user confirmation with strict spending limits.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands

Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill documentation indicates the use of environment variables and external networked APIs, but no explicit permissions are declared. In a trading-oriented skill that handles private keys and reaches external services, this undermines user visibility and platform enforcement around sensitive capabilities. The trading context makes this more dangerous because undeclared env and network access can expose secrets or enable unreviewed outbound communications.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The declared behavior says this is an automated arbitrage trading bot, but the analyzed behavior reportedly includes SkillPay billing operations with a hardcoded default API key and does not actually execute the promised trading workflow. That mismatch is dangerous because users may provide trading credentials and expect one function while the skill performs unrelated payment or external-service actions, increasing the chance of deception, secret misuse, or unauthorized charges. In a financial/trading context, description-behavior mismatch materially raises risk.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill advertises automatic trading, limit and market orders, and market making, but does not include an explicit warning that it can place orders affecting user funds. In a real-money prediction market context, omission of this warning increases the risk of accidental deployment, misunderstanding of loss exposure, and unsafe use by non-expert users.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The documentation instructs users to export a private key and API keys but provides no warning about secure storage, least privilege, or the risk of secret leakage. For a trading skill, this is particularly sensitive because compromise of these credentials could lead to direct financial loss or unauthorized account activity.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The code performs an automatic billing charge request to SkillPay before its main operation, without an explicit user-facing confirmation at the moment of charge. In a skill context, this can lead to unauthorized or surprising charges and weakens informed consent, especially because failures often default to allowing execution anyway.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
A sensitive SkillPay API key is hardcoded as a default value, which means anyone with code access can reuse it to issue billing-related requests. In this skill's context, that is more dangerous because the key appears tied to a payment workflow, creating risk of fraudulent charges, account abuse, and secret leakage through redistribution.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The request handler charges the user before executing the skill logic and provides no built-in user-facing warning, consent prompt, or confirmation step in this execution path. In a trading/bot context, this can lead to unexpected financial charges from automated or repeated invocations, especially if the function is exposed through an agent workflow or retried automatically.

VirusTotal

64/64 vendors flagged this skill as clean.
