Back to skill

Security audit

Polymarket User Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only public Polymarket analysis tool with some transparency and local-file-output caveats, but no evidence of hidden exfiltration or malicious behavior.

Install only if you are comfortable with the skill making outbound requests to polymarket.com and data-api.polymarket.com using the username or wallet address you provide. Treat generated reports as local files you explicitly choose, and do not let untrusted instructions set --output to sensitive paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs use of network access to fetch a Polymarket profile page and query the Polymarket Data API, yet no permissions are declared. This creates a capability/permission mismatch that can bypass expected review and least-privilege controls, making outbound requests less transparent to operators and users.

Intent-Code Divergence

Medium
Confidence
89% confidence
Finding
The README claims the tool does not store or transmit data to external servers, but the documented functionality requires fetching public trading data from Polymarket or related APIs. That discrepancy can mislead users about the skill's network behavior and privacy properties, which is a security-relevant trust issue even if the queried data is public.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal