Polymarket Trade Agent

Security checks across malware telemetry and agentic risk

Overview

This is a real Polymarket trading tool that is mostly transparent, but it can use a raw wallet private key to place live orders without built-in confirmation or hard spending limits.

Review carefully before installing. Use only a dedicated low-balance wallet, treat buy and sell as live real-money actions, verify every order outside the agent, and avoid exposing or logging the private key. Prefer a version that redacts key material, pins dependencies, and requires explicit confirmation plus spending limits before trading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly documents live trading commands (`buy`/`sell`) for a real-money market but does not clearly warn that these actions can place irreversible live orders and cause immediate financial loss. In an agent skill context, this is especially risky because users may treat commands as exploratory or simulated, while the documented private-key setup indicates the commands operate against an actual funded account.

Missing User Warnings

Medium
Confidence: 97%
Finding
The setup instructions tell users to export a wallet private key that controls real funds without any strong security guidance on secret handling, storage, rotation, or the consequences of disclosure. Encouraging direct environment-variable use of a funded private key in a general skill document increases the chance of credential leakage through shell history, logs, screenshots, shared terminals, or downstream agent/tool exposure, which can lead to full account compromise and theft.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup command explicitly instructs users to export a raw Polygon private key into an environment variable and provides no warning about the sensitivity of that secret, the risks of shell history/process exposure, or safer storage options. In a trading agent context that can place orders and control funds, normalizing direct private-key handling materially increases the chance of credential theft or accidental compromise.

Missing User Warnings

Medium
Confidence: 83%
Finding
The function can place live market orders immediately with no confirmation, guardrails, or policy checks. In an agent skill context, this is more dangerous because an upstream prompt, tool invocation error, or malicious instruction could trigger irreversible trades using the configured private key.

VirusTotal

66/66 vendors flagged this skill as clean.
