Polymarket Sports Edge

Security checks across malware telemetry and agentic risk

Overview

This is an automated prediction-market trading bot with real-money live mode and scheduled execution, but its package has ambiguous duplicate manifests and limited live-trading safeguards.

Install only if you intentionally want a scheduled trading bot. Keep LIVE=false until you have reviewed dry-run output over multiple cycles, resolve which manifest/script will actually run, use small trade sizes, restrict or revoke API keys when not in use, and add your own approval and loss-limit controls before allowing live scheduled execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill documentation describes use of environment variables and external HTTP APIs, but no explicit permissions are declared. In an agent ecosystem, missing permission declarations can bypass user expectations and reduce effective consent around network access and secret handling. The trading context increases risk because API keys and live trading behavior are involved.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The declared purpose says the skill finds divergence and trades it, but the content also indicates position management, sell/exit behavior, and futures filtering logic that materially affect user funds and trading lifecycle. This mismatch can mislead users about the scope of autonomous actions, especially in a live-trading skill where exits and position management may occur without fully informed consent.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The skill supports real-money live trading but does not provide an explicit risk warning about financial loss, autonomous order placement, and potential market/liquidity issues. In this context, insufficient warning is dangerous because users may enable LIVE mode without understanding that the agent can commit funds based on imperfect data, matching, or stale odds.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly documents how to enable live trading with `LIVE=true` but does not provide a clear warning that this can trigger real-money financial transactions and losses. In a trading skill, that omission materially increases the chance of accidental or uninformed activation, especially because the strategy is presented as having an 'edge' and may encourage overconfidence.

Missing User Warnings

Severity: High
Confidence: 93%
Finding:
The skill can place live trades whenever LIVE=true, based solely on automated heuristics and environment configuration, without an explicit runtime confirmation, approval gate, or prominent safety interlock. In an agent setting, this creates a real risk of unintended financial transactions if the skill is invoked unexpectedly, misconfigured, or manipulated through upstream data quality issues.

VirusTotal

66/66 vendors flagged this skill as clean.
