Trading

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading bot, but it can automatically spend real USDC in live loops without a second confirmation or strong loss limits.

Install only if you intentionally want automated real-money Polymarket trading. Keep it in dry-run first, verify the publisher/version, use a limited and revocable Simmer key if available, leave SIMMER_API_BASE unset unless you trust the endpoint, and do not add live --quiet mode to cron or heartbeat without external spend/loss limits and a clear way to stop it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The description and usage guidance use broad trigger phrases such as 'automate short-term crypto trading' and 'use when user wants to trade sprint/fast markets,' which can cause the skill to be selected for loosely related conversations. In this context, accidental invocation is more dangerous than usual because the skill is tied to live financial trading with real USDC, so over-broad routing can lead to risky or unintended trade execution paths.

Missing User Warnings

Medium
Confidence: 87%
Finding
When run with `--live`, the skill places real trades immediately without any interactive confirmation, secondary approval, or safety interlock. In an agent-driven or automated environment, this increases the risk of accidental irreversible financial actions from prompt mistakes, misconfiguration, or untrusted task input.

VirusTotal

66/66 vendors flagged this skill as clean.
