Polymarket Trade 1.0.6

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket market-data skill with optional local watchlists, alerts, and paper trading, not a real trading or wallet tool.

Install only if you are comfortable storing watched markets and simulated trades locally in ~/.polymarket. The skill does not perform real trades, but cron examples would create recurring background checks if you add them yourself; review the linked external guide separately and do not treat the paper-trading feature as financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill documentation indicates network access to Polymarket's public API and persistent local file writes to ~/.polymarket/, but the manifest declares no corresponding permissions. That creates a transparency and policy-enforcement gap: users and any permission system may underestimate the skill's actual capabilities, especially since it also supports cron-style unattended execution and persistent state.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The top-level description presents the skill as a market-query tool, but the file also documents persistent watchlists, alerting, digests, and local paper-trading with stored portfolio history. This mismatch can mislead users about the extent of stateful behavior and disk persistence, increasing the chance they invoke a skill with more functionality and data retention than expected.

VirusTotal

67/67 vendors flagged this skill as clean.
