Security audit

Polymarket Micro Spread Sniper Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading bot that defaults to simulation, but it needs Review because live mode can place real USDC trades while the documentation overstates coverage and safeguards.

Review carefully before installing. Use paper mode first, verify the real discovery scope and thresholds, and only use --live with a restricted Simmer/Polymarket key and funds you are prepared to lose. Treat --live as immediate real-money order execution, not a recommendation or reversible simulation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 82%
Finding
The skill declares no permissions while explicitly requiring access to an environment credential (`SIMMER_API_KEY`) that authorizes trading. This creates a transparency and governance gap: reviewers or automation may underestimate the capability to access secrets and place trades, which is especially risky in a live-trading skill.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The skill description materially overstates and misstates trading behavior: it claims to scan all categories and use certain thresholds, while the documented logic uses a narrower discovery set, different thresholds, and additional filters. In a financial automation context, this is dangerous because operators may enable a strategy under false assumptions about market coverage, risk profile, and trade triggers.

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
Claiming to scan all Polymarket categories when the documented discovery strategy is limited to hardcoded crypto keywords, fast markets, and a capped market sample is materially misleading. In a trading skill, inaccurate scope claims can cause misplaced trust in diversification, coverage, and strategy completeness, leading to unsafe operational decisions.

Intent-Code Divergence

Low
Confidence: 80%
Finding
The documentation uses conflicting extreme-probability thresholds, which can confuse operators about when trades will actually trigger. While this is primarily a documentation integrity issue, in a real-money trading context it can still lead to misconfiguration, incorrect expectations, and accidental live exposure.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The file defines a context_ok safeguard intended to block flip-flop trading and excessive slippage, but the trading loop never calls it before placing orders. In a live trading skill, bypassing documented risk checks can lead to repeated trades under unfavorable or policy-violating conditions, increasing financial loss and making operator expectations inaccurate.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill documents a `--live` mode capable of placing real-money trades but does not prominently warn that these actions may be irreversible and can occur across up to 20 positions per run. In a financial-trading context, insufficient warning and confirmation around live execution materially increase the risk of accidental monetary loss.

VirusTotal

66/66 vendors flagged this skill as clean.