
Security audit

Polymarket Btc Weekend Volatility Trader

Security checks across malware telemetry and agentic risk

Overview

This trading skill is not clearly malicious, but it can operate on real funds and its live-trading safeguards are not documented consistently enough for automatic approval.

Review this skill carefully before installing. Use paper mode first, provide exchange API keys with the minimum permissions possible, disable withdrawals, and do not allow live trading unless you have verified the actual script enforces explicit confirmation, live-mode gating, risk limits, and logging.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The document claims the strategy needs 'no external API required,' but elsewhere it depends on API-backed venue interaction and trading authority. This inconsistency can mislead operators about the true trust boundary, causing them to run a skill that can interact with external services and move funds under the mistaken belief that it is self-contained.

Intent-Code Divergence

Severity: Low
Confidence: 75%
Finding:
The safety section asserts that real trades only happen with a `--live` flag, but this file provides no enforcement evidence. In a financial-trading context, unverified safety claims are dangerous because users may rely on them and expose real funds if implementation defaults, wrapper scripts, or UI integrations invoke live mode differently than documented.

VirusTotal

64/64 vendors flagged this skill as clean.
