Security audit

Polymarket Ai Divergence

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed prediction-market trading skill with real-money capability only in explicit live mode, plus limited simulated-trading behavior.

Install only if you intentionally want an agent-assisted trading tool. Start in dry-run mode, use small max bet and daily budget limits, keep the Simmer API key revocable, and review `--live` carefully because live trades may spend real money without per-trade confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill provides a direct live-trading command (`--live`) and describes automatic trade execution without a prominent warning that actions may involve real money and can be irreversible. In this context, the omission is especially dangerous because the skill is explicitly designed to place market trades, so a user could invoke live mode without appreciating financial loss, account impact, or the need for confirmation safeguards.

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The code will enter the trade-execution path whenever the venue is set to "sim", even if the user did not pass --live. That means an external environment variable can silently change behavior from scan-only to order placement on a paper/simulated venue, which weakens operator intent checks and can cause unintended automated trading activity or surprise side effects in managed environments.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal