polymarketz

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly transparent about Polymarket browsing and trading, but it asks for and stores a raw wallet private key in plaintext even though trading is not actually implemented.

Use the read-only market commands only unless you are comfortable with the credential risk. Do not run wallet-setup with a main wallet or funds you cannot afford to lose; if you test it, use a dedicated low-balance wallet and remove ~/.config/polymarket/wallet.json afterward if it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill advertises shell execution, network access, and file writing behavior but declares no permissions, which undermines user awareness and any permission-based trust model. In this context the undeclared capabilities are especially sensitive because the documented commands can write wallet material to disk and interact with external trading APIs, enabling credential exposure or unintended financial actions if a user assumes the skill is read-only or low-privilege.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The top-level description emphasizes browsing, analysis, and zero-setup read-only use, but the skill also includes wallet setup that collects and stores a Polygon private key in a local file. That mismatch is dangerous because users may trust the skill as a market-data tool and not anticipate local credential handling, increasing the chance of exposing a high-value secret tied to real-money trading.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill prompts for a Polygon private key and persists it to disk in plaintext JSON under the user's home directory. Even with chmod 0600, plaintext secret storage increases the risk of credential theft from local malware, backups, shell history mishandling, or multi-process/user exposure on misconfigured systems. In the context of a trading skill, compromise of this key could enable theft of funds or unauthorized trading.

VirusTotal

65/65 vendors flagged this skill as clean.
