Security audit

Polymarket Opportunities Scanning

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket scanning and email-reporting skill; its local Mail automation and optional scheduling need care but fit the stated purpose.

Install only if you are comfortable with a script fetching public Polymarket data, saving opportunities.json locally, and sending report emails through your default Apple Mail account. Set SMTP_TO deliberately, review the scripts before enabling the optional cron schedule, and do not rely on Telegram delivery unless you add and review that implementation yourself.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 82% confidence
Finding: The skill advertises and instructs use of environment variables and network access but does not declare the permissions/capabilities needed for those behaviors. Undeclared capabilities reduce transparency and can cause an agent or reviewer to underestimate what the skill can access, especially because it also performs outbound communication and local integration steps.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 90% confidence
Finding: The skill's documented behavior does not fully match its actual operational behavior: it writes local files, uses Apple Mail via osascript, and appears incomplete or inconsistent regarding Telegram delivery. This mismatch is dangerous because users may approve a market-scanning/reporting skill without realizing it also invokes local automation and persistence, which expands the attack surface and can enable unintended data handling or command execution pathways.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical

Code: suspicious.dangerous_exec
Location: scripts/send-report.js:41