ClawHub

庄家异动探测器

Security checks across malware telemetry and agentic risk

Overview

This paid Polymarket skill is not clearly malicious, but it needs Review because it embeds a payment API key and advertises stronger whale analysis than the code performs.

Review carefully before installing. Treat the payment flow as real, do not rely on the output as verified whale/on-chain intelligence, and avoid deploying this version until the publisher removes and rotates the hardcoded SkillPay key, uses a managed secret, locks the payment endpoint to trusted hosts, and aligns the description with the implemented data analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'url' from os.getenv (line 233, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
"title": "OpenClaw Skill Payment",
        "description": "Polymarket Movers x3",
    }
    r = requests.post(url, json=body, headers=headers, timeout=20)
    if r.status_code not in (200, 201):
        raise HTTPException(status_code=502, detail="SkillPay create charge failed")
    data = r.json()
Confidence
98% confidence
Finding
r = requests.post(url, json=body, headers=headers, timeout=20)

Tainted flow: 'url' from os.getenv (line 233, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
raise HTTPException(status_code=400, detail="Missing SKILLPAY_API_KEY")
    url = f"{SKILLPAY_API_BASE.rstrip('/')}/v1/charges/{charge_id}"
    headers = {"Authorization": f"Bearer {SKILLPAY_API_KEY}"}
    r = requests.get(url, headers=headers, timeout=20)
    if r.status_code != 200:
        raise HTTPException(status_code=502, detail="SkillPay status query failed")
    data = r.json()
Confidence
98% confidence
Finding
r = requests.get(url, headers=headers, timeout=20)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill's primary function is market-data retrieval, yet it embeds payment-processing logic and gates output on payment completion. In context, this increases risk because the component handles financial operations and stores a live credential without clear justification or safeguards, expanding the attack surface beyond the core skill purpose.

Missing User Warnings

Medium
Confidence
71% confidence
Finding
The skill creates a payment charge with a third-party processor, but the flow provides minimal disclosure about what external party is contacted and what transaction metadata is sent. In a payment context, opaque third-party transmission increases trust and compliance risk, especially when coupled with a hardcoded live credential.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal