polymarket-sports-trade

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PolySports trading skill, but it asks for live trading API keys in chat and supports persistent automated trades, so users should review it carefully before installing.

Install only if you intentionally want an agent to access PolySports and potentially make real-money trades. Do not paste API keys into ordinary chat; use a secure secret or connection mechanism, prefer single-order or timeboxed authorization, set explicit position sizes and schedules, verify Telegram delivery targets, and regularly disable or delete automation you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The documentation explicitly instructs the agent to collect a PolySports API key via the chat conversation when the runtime key is missing. Asking users to paste long-lived credentials into conversation channels increases the chance of exposure through logs, transcript retention, prompt leakage, downstream tooling, or operator access, and is especially risky because the key authorizes trading-related API actions.

Intent-Code Divergence

Low
Confidence
96% confidence
Finding
The file creates a contradictory auth model: it states the runtime must provide a valid API key, then falls back to requesting that same secret from the user in-chat. This inconsistency can normalize unsafe credential handling and cause agents or users to bypass the intended secure secret injection path.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly tells the user to paste a live `X-PolySports-Api-Key` into the conversation, creating a direct natural-language channel for sensitive credential collection. In a trading skill handling real balances and orders, this materially increases the risk of credential exposure through chat logs, transcript retention, model processing, or accidental disclosure to other participants or systems.

Natural-Language Policy Violations

Medium
Confidence
79% confidence
Finding
The skill hard-codes a saved rule-setting window of `23:00` in `Asia/Shanghai` for automation without requiring user confirmation of timezone or locale. While not a direct code-execution or secret-handling flaw, this can cause scheduled trading or monitoring jobs to run at unintended times, which is operationally risky in a real-money trading context.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill tells users to send a sensitive API credential directly in the conversation without any warning or secure handling guidance. In the context of a trading skill, that credential may enable account inspection and order placement, so disclosure in chat could lead to unauthorized trades, account abuse, or later compromise if transcripts are retained or exposed.

Natural-Language Policy Violations

Medium
Confidence
89% confidence
Finding
The playbook hard-codes a default scheduling window of `23:00` in `Asia/Shanghai` without requiring user opt-in or explicit conversion to the user's locale. In a trading automation skill, this can cause jobs to run at the wrong local time, leading to missed pregame/in-game windows or unintended order activity when the user is asleep or unable to review alerts.

Ssd 3

Medium
Confidence
98% confidence
Finding
The instruction to have users send API keys directly in chat establishes an insecure collection path for credentials that authorize real trading actions. Because the skill is specifically designed for balance lookups, order placement, redemption, and automation, compromise of that key could enable unauthorized financial actions and account access.

Ssd 3

High
Confidence
99% confidence
Finding
The instructions direct the agent to solicit an API key from the user and use it for the session, which is a classic secret-handling anti-pattern. Because this skill can access wallet, position, authorization, and trade endpoints, exposing the key in conversation materially increases the risk of account takeover or unauthorized trading activity.

VirusTotal

66/66 vendors flagged this skill as clean.
