
Security audit

Polymarket Geopolitics Trader

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed Polymarket trading skill, but its live-trading safeguards are less clear and less conservative than its documentation suggests.

Review before installing. Use paper mode first, verify the actual code and manifest defaults rather than relying only on the safety table, set strict position limits, and provide only a scoped or revocable trading key you are prepared to monitor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 79%
Finding: The skill documentation indicates access to environment-based secrets via `SIMMER_API_KEY`, but no explicit permissions model is declared. In an agent platform, undeclared secret access can bypass user expectations and reduce the effectiveness of policy enforcement, especially because the credential grants trading authority.

Intent-Code Divergence

Medium
Confidence: 88%
Finding: The skill claims it operates 'without any external API,' yet it depends on `simmer-sdk` and requires `SIMMER_API_KEY` for execution. This mismatch can mislead users and reviewers about the skill's trust boundary, causing them to underestimate external service dependencies and the risk of credentialed live trading.

Vague Triggers

Medium
Confidence: 72%
Finding: The invocation description is broad enough that an agent may apply this skill in loosely related geopolitical contexts without strong user intent checks. Because the skill can eventually place live trades when invoked with `--live`, ambiguous triggering increases the chance of inappropriate financial actions or overuse in sensitive contexts.

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.