Mia Polymarket Trader

Security checks across malware telemetry and agentic risk

Overview

This skill is openly an automated Polymarket trader, but it asks for wallet-level credentials and live trade authority without enough guardrails or implementation provenance.

Review carefully before installing. Only use a dedicated low-balance wallet, verify the actual `mia-polymarket` command from a trusted source, and require manual confirmation or dry-run mode before any live trade. Do not provide a primary wallet private key unless the publisher supplies reviewed code, enforceable limits, and clear credential-handling documentation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly promotes autonomous market analysis and automated trade execution while only providing operational setup steps, not clear warnings that real funds may be used and lost. In a financial trading context, omission of prominent risk disclosure can mislead users into enabling automated transactions with wallet credentials, increasing the chance of unintended monetary loss.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal