Security audit

Polymarket Market Importer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Polymarket-to-Simmer importer with dry-run defaults and user-enabled live imports, but live scheduled use can change a Simmer account and consume quota.

Install only if you intend to connect this to your Simmer account. Start with dry-run mode, confirm filters and max_per_run, use a dedicated or least-privileged API key if available, and enable cron with --live only after you are comfortable with recurring imports and quota usage.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill documentation instructs users to set environment variables and run a Python script that appears to persist configuration, implying environment access and file writes, yet no permissions are declared. This creates a transparency and consent problem: users and platforms cannot accurately assess what resources the skill needs before execution, which increases the chance of unintended data access or local file modification.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The description is broad enough to encourage automatic discovery and importing of markets on a schedule, but it does not clearly bound what sources, filters, or actions are taken during activation. Overspecified automation without precise guardrails can cause users to enable recurring behavior they do not fully understand, especially when combined with live import functionality.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README promotes a '--live' mode that performs real imports but does not present a prominent warning about irreversible or quota-consuming data-changing behavior. In this context, the skill automates recurring imports into an external platform, so users may trigger unintended account actions, exhaust quotas, or pollute their workspace simply by following quick-start commands.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal