Security audit

Polymarket Politics Random 1U

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Polymarket trading template, but it needs review because it can be scheduled and can place repeated real-money random trades if live mode is enabled.

Install only if you intentionally want an AION/Polymarket trading template. Keep it in dry-run by default, avoid setting `RUN_LIVE` in scheduled environments, disable the cron unless you explicitly want automation, use tightly controlled credentials, and set strict spending limits before any live run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill instructs the operator to provide sensitive environment values such as `AION_API_KEY` and optionally `WALLET_PRIVATE_KEY`, but the manifest does not declare corresponding permissions. This creates a permission-model gap: the skill can access secrets/capabilities implied by its code or workflow without transparent upfront declaration, which increases the risk of over-privileged execution and unsafe handling of high-value credentials tied to trading and wallet control.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The skill defines a cron-based managed automaton that runs every 30 minutes, but the metadata does not describe any limiting conditions, dry-run default, market-state checks, or explicit safeguards preventing unintended live trades. In this context, the skill is specifically designed to randomly select a political market and place a trade, so unattended execution materially increases the risk of repeated unauthorized or accidental financial transactions if `RUN_LIVE` or wallet credentials are present.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: This is a true safety vulnerability: when `--live` or `RUN_LIVE` is set, the script directly calls `client.trade()` and submits a real order without any explicit interactive confirmation, final summary prompt, or user acknowledgment step. In the context of a trading skill that intentionally uses randomness to pick a political market and executes a live USD trade, accidental invocation, automation misuse, or misunderstood configuration can lead to unintended real-money transactions.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.