Back to skill

Security audit

Vincent - Polymarket

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading skill, but it gives an agent real-money trading and fund-movement authority with weak default controls before the wallet is claimed.

Review carefully before installing. Claim the wallet and set strict spending limits, mandatory approvals, and withdrawal controls before adding funds; use only funds you can afford to lose; verify recipient addresses; avoid sharing relink tokens in ordinary chat when possible; and prefer a pinned or reviewed CLI version instead of relying blindly on @latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill materially expands its capability beyond Polymarket trading by including generic wallet-to-wallet transfer and cross-chain bridging commands. That broader fund-movement surface increases the chance an agent can move assets in ways a user may not expect from a 'Polymarket' skill, especially when combined with autonomous execution and server-side stored credentials.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill explicitly permits trading before wallet claim and before policies are configured, creating a window of unrestricted autonomous financial activity. In a trading skill, this context is especially dangerous because real funds can be spent, positions opened, or withdrawals attempted before a human owner has established limits or approval thresholds.

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
Telling users it is safe to paste a re-link token into chat normalizes sending live authentication material through a potentially logged or multi-party channel. Even if the token is short-lived and one-time use, interception or accidental disclosure could let another party relink the wallet and obtain a new scoped API key.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.