Polymarket Clob Microstructure

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Polymarket trading automaton that defaults to dry run, but users should treat live mode as real financial authority.

Install only if you intend to run an automated trading tool. Keep it in dry-run mode until you have reviewed the strategy and limits, and do not use --live unless you are comfortable with real orders being placed through the configured Simmer account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly documents a `--live` mode that performs real trading execution but does not include a clear, prominent warning about financial loss, unintended order placement, or the need for explicit user confirmation before live use. In a trading automation context, this omission materially increases the risk that a user enables live execution without understanding that the bot can place real trades with real monetary consequences.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill can place real trades whenever it is invoked with the --live flag, with no secondary confirmation, environment guard, or explicit allowlist for production accounts. In an agent or automation context, a single flag flip, prompt injection into orchestration, or operator mistake can convert analysis code into code that spends funds and opens market exposure.

VirusTotal

66/66 vendors flagged this skill as clean.
