Polymarket Central Bank Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading bot that paper-trades by default and only risks real funds if the user explicitly enables live mode.

Install only if you understand that this is an automated trading skill. Keep it in paper mode until tested, use --live only when willing to risk funds, set conservative position limits, and provide the least-privileged SIMMER_API_KEY available.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 76% confidence
Finding: The keyword list is broad enough to match generic macroeconomic and finance discussion, which can cause the skill to activate outside its intended scope and surface trading behavior in loosely related contexts. In an agent setting, overbroad triggers can lead to unintended market discovery or trade recommendations based on irrelevant conversation, increasing the chance of erroneous or risky actions.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal