Polymarket News Events

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed automated trading skill, but live mode can place recurring real trades with limited built-in containment.

Install only if you are comfortable running an automated trading bot. Keep it in dry-run or simulation mode until you have reviewed the code and dependencies, use a capped or least-privilege trading key, control or disable the cron schedule, and add explicit market, trade-count, and daily-loss limits before enabling live trading.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill documentation describes capabilities that require environment access, network access, and likely file read/write behavior, but it does not declare any permissions. This creates a transparency and least-privilege problem: a user or runtime may trust the skill as lower-risk than it really is, even though it can access API keys, fetch untrusted remote content, and potentially persist data or logs.

Missing User Warnings

Medium
Confidence: 93%
Finding
In live mode, the skill places real trades directly from externally sourced RSS content with no explicit confirmation or high-friction warning at the moment of execution. In a trading skill, that is dangerous because noisy, spoofed, or misclassified news can immediately trigger irreversible financial actions, making accidental loss much more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
