ClawHub

Polymarket Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Polymarket trading skill, but it can submit trades by default and does not implement the promised real-money confirmation or several stated risk controls.

Review before installing. Use only a virtual or tightly capped Simmer account unless you independently verify that the service enforces real-money confirmation. Do not provide a live trading key or schedule this with cron until execution requires explicit opt-in and the advertised daily limits, stop-losses, and per-trade confirmations are actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises capabilities that involve environment-variable access, network access, and file writing, but it does not declare permissions or boundaries for those actions. In a trading skill, this is dangerous because it can access API keys, place external requests, and persist potentially sensitive trading data without clear governance or user visibility.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list includes broad terms like "trade," "market scan," and "arbitrage opportunities," which can activate the skill for requests outside the user's intended context. Because this skill can lead to financial actions, overly broad routing increases the chance of accidental invocation and unsafe trade-related responses in unrelated conversations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The description explicitly allows execution of real-money USDC trades, but it does not present a prominent upfront warning about financial risk, irreversible market actions, or the possibility of loss. In the context of an automated trading skill, this materially raises harm because users may invoke it without understanding that live funds could be used.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script can automatically place trades in the default execution path with no interactive confirmation, dry-run default, or hard stop when real trading is enabled. In a skill explicitly designed for scanning and trading prediction markets, this is especially dangerous because a routine invocation can commit real funds based solely on heuristic thresholds and external API responses.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal