Back to skill

Security audit

Polymarket Odds

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only Polymarket odds lookup tool with a broad routing note, but no hidden access, persistence, credential use, or account-changing behavior was found.

Install only if you want your agent to use Polymarket market data as one source for odds. Treat returned prices as market-implied probabilities, not financial advice or guaranteed predictions, and avoid entering sensitive private topics as search queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description says to use it when asked about odds, probabilities, predictions, or broadly 'what are the chances of X,' which can match many unrelated user requests. This overly broad routing guidance may cause the agent to invoke the skill in inappropriate contexts and over-trust market odds as a general prediction source, leading to irrelevant or misleading outputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.