Polymarket Whale Copier

Security checks across malware telemetry and agentic risk

Overview

This skill asks for a Polymarket private key and advertises automated trading, but the included code does not actually implement live trading or auto-redemption.

Only install after reviewing the scripts and understanding this is not a working live trading bot. Do not provide a main wallet private key; use dry-run behavior and a separate low-balance wallet if testing. Do not rely on the advertised auto-trading or auto-redemption claims until the implementation and documentation are corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill advertises and documents capabilities that read environment variables, access files, write logs/configuration, and use the network, yet it does not declare permissions. Undeclared capabilities reduce transparency and informed consent, especially here because the skill handles a trading private key and can initiate automated financial actions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The documented behavior understates the real operational and financial effects of the skill: it runs continuously, checks balances over the network, derives a wallet from a private key, and supports automated redemption. In a trading skill, that mismatch is dangerous because users may enable it without understanding that it can continuously place real trades and move funds from a live account.

Description-Behavior Mismatch

High
Confidence: 98%
Finding:
The skill advertises automatic copy trading, but the execution path for non-dry-run mode explicitly does not place trades and only logs that live trading is not implemented. This is a security-relevant integrity issue because users may rely on the skill for financial automation, misconfigure risk controls, or make decisions under the false assumption that trades are being mirrored.

Intent-Code Divergence

Medium
Confidence: 97%
Finding:
The CLI exposes a --live flag described as enabling live trading even though the code path only disables dry_run and later reports that live trading is not implemented. This mismatch can mislead operators into believing real orders will be sent, creating unsafe operational assumptions in a financial context.

Missing User Warnings

Medium
Confidence: 97%
Finding:
The skill promotes automatic copy trading and auto-redemption but does not prominently warn that enabling it can execute real trades and transfer value without per-trade confirmation. In this context, that omission is especially risky because the skill is explicitly designed for unattended financial automation using a user-supplied private key.

VirusTotal

64/64 vendors flagged this skill as clean.
