ClawHub

Smart Money Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading skill, but live mode can place real-money trades without a final confirmation or aggregate run limit.

Install only if you intentionally want an automated Polymarket copy-trading workflow. Start in dry run or `TRADING_VENUE=sim`, pass `--min-score` explicitly, keep `SIMMER_SMARTMONEY_MAX_POSITION` low, verify Simmer account permissions, and avoid `--live` unless you accept that it may open multiple real-money positions in one run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation promotes live automated trading on Polymarket but does not prominently warn that `--live` may execute real-money trades using user funds. In a financial-trading context, insufficient risk disclosure can cause accidental loss, especially because the skill is designed to place trades based on third-party signals.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The module performs an outbound network request to a URL that can be overridden via the SMART_MONEY_API_URL environment variable, with no validation, allowlist, or user-facing disclosure. In an agent or automation context, this can be abused to redirect requests to attacker-controlled endpoints or internal services, creating SSRF-style risk, metadata leakage, or silent exfiltration about runtime behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script can place real trades whenever the --live flag is supplied, and it proceeds directly from argument parsing to trade execution without any interactive confirmation, secondary acknowledgement, or last-minute warning. In a trading skill, this is materially risky because accidental invocation, automation mistakes, or prompt/agent misuse can trigger irreversible financial actions with real funds.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal