Back to skill

Security audit

Lucky Lobster

Security checks across malware telemetry and agentic risk

Overview

LuckyLobster is a coherent Polymarket trading skill, but it gives an agent persistent authority to spend funds and change wallet positions without strong confirmation guidance.

Install only if you want an agent to have ongoing Polymarket trading authority through LuckyLobster. Before using it, require explicit approval for every trade, position close, token approval, cancellation, or redemption; use dry-run or budget checks where available; keep balances limited; and store or revoke the API key carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The skill documents authentication inconsistently: most endpoints use an Authorization: Bearer header, while the redemption examples switch to X-API-Key. In a money-moving trading skill, inconsistent auth guidance can cause failed calls, accidental troubleshooting workarounds, or unsafe ad hoc handling of secrets, especially if an agent starts guessing which credential format to use for sensitive settlement actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill enables real-money trading but does not place a clear, prominent warning before order placement that trades can immediately spend funds and may realize losses. In an agent context, missing friction and warning language increases the chance of users or higher-level agents invoking irreversible financial actions without informed confirmation.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The one-shot close-position endpoint is described as a convenience operation, but the documentation does not prominently warn that it can liquidate an entire holding at current market prices and lock in gains or losses immediately. In a trading skill, this raises the risk of unintended full exits by an agent or user, especially because the server auto-determines side and price behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The redemption POST endpoint triggers an on-chain settlement affecting wallet assets, but the docs do not present that as a clear irreversible action warning. Although redemption is usually beneficial, it still changes asset state and can batch multiple positions, so an agent could perform financially meaningful settlement without the user understanding that a real transaction will occur.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.