ClawHub

Polymarket Sniper Bot (Standalone)

Security checks across malware telemetry and agentic risk

Overview

This is a real-money autonomous trading bot whose financial authority is disclosed, but its live-trading safeguards, credential handling, install flow, and fallback trading logic need careful review before use.

Install only after reviewing the code and running it in simulation first. Use a burner wallet with limited funds, avoid storing private keys in plaintext config files, do not expose the dashboard publicly, pin dependencies inside a virtual environment, verify any license server is trusted HTTPS, and add an explicit live-trading opt-in with spend limits and a stop procedure before enabling the scheduled scans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Tainted flow: 'LICENSE_SERVER' from os.getenv (line 16, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
if not PRO_LICENSE_KEY:
        return False
    try:
        resp = requests.post(
            f"{LICENSE_SERVER}/api/validate",
            json={"key": PRO_LICENSE_KEY, "product": "polymarket-sniper-pro"},
            timeout=5
Confidence
95% confidence
Finding
resp = requests.post( f"{LICENSE_SERVER}/api/validate", json={"key": PRO_LICENSE_KEY, "product": "polymarket-sniper-pro"}, timeout=5 )

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
When real market data is unavailable, the code fabricates a positive 3% momentum signal that can trigger trading logic. In a trading agent with live execution capability, this is dangerous because failures or API disruption can cause false buy decisions and real financial loss without any genuine market signal.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script uses `pip3 install ... --break-system-packages`, which intentionally bypasses Python environment protections and modifies the system-managed interpreter environment. This can corrupt OS-managed Python packages, create dependency conflicts, and increase supply-chain risk if unpinned or compromised dependencies are installed globally. In the context of an autonomous trading bot that may be deployed on a host with wallet keys and live execution capability, destabilizing the system Python environment or pulling unsafe packages is more dangerous than in a disposable development container.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The deployment guide instructs users to place a raw wallet private key directly into config.yaml and does not provide explicit guidance on secret storage, file permissions, or safer alternatives such as environment variables or a secrets manager. In the context of an autonomous live-trading bot that controls real funds, this increases the likelihood of accidental key exposure through source control, backups, logs, screenshots, or multi-user server access.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill promotes autonomous live trading and a one-command bootstrap flow without prominent warnings that it can place real trades and affect funds. In a financial-trading context, missing safety disclosures materially increases the risk of accidental loss, misuse of credentials, and operators enabling live execution without understanding the consequences.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes autonomous live trading and quick-start execution, but it does not warn users about real financial loss, market volatility, configuration mistakes, or the difference between simulation and production behavior. In the context of an agent skill that can place real trades on Polymarket, this omission increases the chance that users will run it against live funds without understanding the risks or needed safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The task description explicitly states that the agent will execute trades automatically every 5 minutes, but the configuration provides no user-facing warning, confirmation gate, or disclosure that live market actions may be irreversible and financially risky. In the context of an autonomous Polymarket trading bot, this omission is dangerous because users may enable or deploy the skill without understanding that it can place real trades on a schedule with direct monetary consequences.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal