Polymarket Candle Momentum

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed trading bot, but it needs review because it can place real trades quietly and has scope/monitoring mismatches that could make exposure harder to understand.

Install only if you are comfortable running a live financial automation tool. Test in dry-run first, use a low-privilege/dedicated Simmer API key if available, keep max_position small, avoid --quiet until you have separate monitoring, and verify which assets and source tags are actually being used before enabling cron or --live.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The skill metadata claims it scans BTC, ETH, SOL, XRP, and BNB, but the code also includes DOGE, ADA, and AVAX in the tradable asset map. Even if the default configured asset list is narrower, this mismatch expands the reachable trading scope and can lead to unintended market exposure if configuration changes or future code paths use those symbols.

Intent-Code Divergence

Severity: Low
Confidence: 84%
Finding:
Trades are tagged with source="sdk:polymarket-candle-momentum", but position lookup uses source="candle-momentum". This inconsistency can hide or omit positions from monitoring output, making it harder for operators to detect active exposure or respond to bad trades.

VirusTotal

67/67 vendors flagged this skill as clean.