Security audit

Polymarket Intelligence Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Polymarket alerting skill, but it asks for persistent Telegram-posting automation while only shipping instructions, not the runnable code it references.

Review before installing. Only proceed if you can inspect the referenced Node files and dependencies, use dedicated low-privilege Telegram bots, keep tokens out of source control, confirm exactly which chats receive alerts, require explicit pkedge-prefixed commands for external sends, and know how to stop any cron or launchd runner.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The SCAN trigger set includes broad natural-language phrases like "prediction market scan," "polymarket scan," and "what markets are flagged today," which can plausibly appear in normal conversation without the user intending to invoke this skill. In an agent environment, ambiguous activation can cause unintended execution, unnecessary external requests, and delivery of market-analysis content to channels or users when another tool or a plain-language response was intended.

Vague Triggers

Medium
Confidence: 94%
Finding
The DEEP DIVE examples include especially ambiguous phrases such as "analyze this market," "what does pkedge think about [topic]," and "is [market question] mispriced," which could overlap with ordinary analytical discussion. Because this mode performs web searches, market lookup, and trader-channel delivery, accidental invocation has a larger blast radius than a passive response and may leak intent, consume resources, or produce unauthorized premium-style outputs.

Vague Triggers

Medium
Confidence: 96%
Finding
The WHALE WATCH and INSIDER WATCH sections contain highly generic triggers like "whale watch," "insider watch," "suspicious wallets," and "what are the whales doing," which are common phrases outside this skill's intended context. In this skill, accidental activation is more dangerous because these modes scan many wallets and trades, generate alerts, and may message subscriber channels, so a collision with everyday speech can trigger broad monitoring workflows without clear user consent.

VirusTotal

66/66 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.