Back to skill

Security audit

Polymarket News Monitor

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Polymarket monitoring skill with expected network checks, local logs, and optional user-configured webhook alerts, though its privacy/security wording should be clearer.

Install from a source you trust, verify the repository before cloning, and enable webhook notifications only for a destination you control. Expect the monitor to contact Polymarket endpoints and to write local state, alert history, and log files; remove any cron entry when you no longer want it running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes capabilities that perform outbound network access and persistent local file writes, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users or a hosting platform may assume the skill is less privileged than it actually is, increasing the risk of unauthorized data egress or unexpected stateful behavior.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The security section claims 'Read-only monitoring' and 'Local data only', but the same document advertises webhook notifications and local persistence in data files. These misleading assurances can cause users to enable the skill under false assumptions, potentially exposing monitored content to third parties and permitting writes on systems where such behavior is sensitive.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The webhook feature sends alert content to a user-supplied external URL, but the documentation does not warn that titles, URLs, timestamps, and potentially sensitive incident-related text from monitored content will leave the local environment. In security monitoring contexts, even seemingly public alerts can reveal operational interests, internal monitoring patterns, or forwarded content to unintended third parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal