Security audit

Polymarket Supply Chain Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading skill, but its live-capable financial automation has safety limits that do not match the runnable code.

Install only if you intend to use a financial trading automation tool. Keep it in paper mode first, verify the actual Simmer tunables, do not provide a live-capable key in a shared environment, and do not use --live until the documented and runnable risk limits are reconciled.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill declares use of a sensitive environment variable (`SIMMER_API_KEY`) and explicitly discusses loading `SIMMER_`-prefixed env vars, but the metadata shown does not declare corresponding permissions. Undeclared access to env-based credentials is a real security issue because it weakens least-privilege controls and can let a skill access or influence secrets/config beyond what reviewers and runtime policy expect.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.