Security audit

Polymarket Macro Fear Index Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading skill that defaults to paper trading and only uses live trading when explicitly run with the live flag.

Install only if you understand this is trading automation. Keep it in paper mode first, review the `simmer-sdk` dependency before trusting live credentials, use a limited or segregated API key where possible, and only run with `--live` when you accept real Polymarket exposure.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 87% confidence
Finding: The skill documentation indicates use of the `SIMMER_API_KEY` environment variable, but the static finding says no permissions are declared while environment access is present. In a trading skill, undeclared access to environment-sourced credentials is security-relevant because it obscures the skill's capability to read sensitive secrets and weakens informed consent and review. The context increases risk because the credential grants trading authority, so any hidden or undocumented env access could enable account misuse if the implementation is modified or behaves unexpectedly.

Description-Behavior Mismatch

Medium

Confidence: 95% confidence
Finding: In the neutral regime, the bot falls back to generic threshold trading across all fetched markets, even though the skill is described as a fear-index strategy derived from specific macro themes. That mismatch means the skill can place live trades on unrelated markets with no strategy-specific justification, creating unauthorized or unintended market exposure rather than a narrowly scoped thematic strategy.

Description-Behavior Mismatch

Medium

Confidence: 97% confidence
Finding: The panic and complacency branches use a composite fear index built from selected categories, but then trade any oversold or overpriced market in the entire market set. This breaks the causal link between the signal source and the traded asset universe, so unrelated markets can be bought or sold simply because global fear is high or low, leading to broad unintended real-money exposure when run live.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The manifest requires a live API credential (SIMMER_API_KEY) for an automated trading skill, but the file provides no explicit user-facing warning that the skill can access sensitive credentials and use them to place trades. In this context, omission matters because the skill is specifically designed to make market positions automatically, so users may underestimate both credential exposure and financial risk when enabling it.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal