Back to skill

Security audit

Polymarket Analysis

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket research skill with optional monitoring alerts, not a trading or credential-stealing tool.

Install only if you want read-only Polymarket market and wallet analysis. Before enabling Monitor mode, confirm the market, cron interval, state-file location, delivery channel, and recipient, and remove the cron job and stored state when you no longer want alerts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill advertises and references executable scripts that perform network access and likely monitoring/output behavior, but the skill metadata declares no permissions. This creates a trust and sandboxing gap: a user or host system may treat the skill as low-risk while it can still initiate external requests and potentially write files/logs during monitoring workflows.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The document instructs creation of persistent cron jobs and delivery of alerts, which goes beyond a read-only 'analysis only, no execution' framing in the skill metadata. This mismatch can cause users or reviewers to underestimate that the skill triggers ongoing automated actions and notifications after the initial interaction.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The setup describes reading and updating a persistent state file on disk, contradicting a read-only analysis expectation. Hidden statefulness can create privacy, integrity, and auditability issues because future behavior depends on stored data the user may not realize exists.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The skill documents writing market-monitoring state to `.claude/skills/polymarket-analysis/state/{market-id}.json` without warning the user that local data will be stored. Even if the data is not highly sensitive, undisclosed storage can expose user activity patterns and create unexpected residue on shared or managed systems.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation configures ongoing alert delivery to WhatsApp, Telegram, and Discord without explicit disclosure that monitoring information may be transmitted to third-party services. This can leak trading interests, market focus, timing, or behavioral metadata off-platform and outside the user's expected trust boundary.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The document explicitly promotes monitoring identifiable wallets, querying their positions, and generating alerts about their trading activity without any discussion of privacy, consent, legal restrictions, or anti-harassment safeguards. While blockchain data may be public, packaging it into a whale-tracking workflow lowers the barrier for targeted surveillance and copy-trading behavior, which creates privacy and misuse concerns in this context.

Session Persistence

Medium
Category
Rogue Agent
Content
On each cron run, the agent:

1. **Fetch current data** via Gamma API
2. **Load previous state** from state file
3. **Compare thresholds:**

| Check | Condition | Alert |
Confidence
84% confidence
Finding
Load previous state

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.