PolyEdge - Polymarket Correlation Analyzer

Security checks across malware telemetry and agentic risk

Overview

PolyEdge is a disclosed Polymarket analyzer with an optional paid API and dashboard; users should treat the payment and wallet-visibility features carefully, but the artifacts do not show hidden or malicious behavior.

Use the local analyzer if you only want market comparison. Before using or deploying the hosted/API mode, confirm you are comfortable with outbound calls to Polymarket, Base RPC providers, BaseScan, and api.nshrt.com; paying $0.05 USDC per request on Base; and exposing public wallet/payment dashboard data if the service is deployed without authentication. Do not let an agent make paid API calls or trading decisions automatically without explicit limits and review.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (10)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 85% confidence
Finding: The skill declares no permissions, yet the documented behavior and referenced files indicate access to environment variables and network resources. This is risky because agents or operators may authorize the skill under the assumption it is passive analysis logic, when it can actually make outbound requests and potentially use sensitive configuration from the environment.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 97% confidence
Finding: The skill presents itself as a correlation analyzer, but the described behavior extends into running an HTTP service, payment processing, blockchain transaction verification, wallet and revenue monitoring, and dashboard serving. This mismatch is dangerous because it hides materially broader operational and financial behavior from users and agent frameworks, undermining informed consent and increasing the chance of unsafe deployment in privileged environments.

Description-Behavior Mismatch

High

Confidence: 98% confidence
Finding: This module is materially unrelated to the stated Polymarket correlation/arbitrage purpose and instead implements payment-wallet monitoring, revenue estimation, and blockchain activity tracking. While not inherently malicious, this mismatch increases supply-chain risk because operators may import or deploy code that performs undisclosed financial telemetry and external lookups outside the advertised skill scope.

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The code reads wallet configuration and queries on-chain balances and transfer history without a clear connection to correlation detection. In the context of an AI agent skill, hidden financial monitoring broadens the data-exposure surface and can leak operational metadata about the deployer's payment wallet and usage patterns to third parties.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The docstring claims generic activity tracking and stats, but the implementation performs external blockchain wallet lookups and payment monitoring. This misleading description can cause reviewers and users to underestimate the module's real behavior, which is a security concern because it obscures external data flows and financial telemetry.

Description-Behavior Mismatch

High

Confidence: 89% confidence
Finding: This file implements blockchain payment verification and API gating, which is unrelated to the declared purpose of detecting Polymarket market correlations. That mismatch is dangerous because hidden or unjustified payment-handling logic expands the trust boundary, introduces financial-control behavior, and can conceal monetization, access control, or exfiltration mechanisms that users of a market-analysis skill would not reasonably expect.

Context-Inappropriate Capability

High

Confidence: 92% confidence
Finding: Embedding on-chain payment verification and API access control in a correlation/arbitrage finder gives the skill unnecessary financial and network-facing capabilities. In this context, the extra capability is risky because it enables unexpected charging behavior, dependence on external RPC infrastructure, and logic that may incorrectly authorize access based on loosely validated transaction receipts and cached hashes.

Missing User Warnings

Low

Confidence: 86% confidence
Finding: The code sends wallet-related query data to BaseScan without any visible user-facing disclosure or consent mechanism. Although the transmitted address is public blockchain data, undisclosed external transmission is still a real privacy and transparency issue in an agent skill, especially when unrelated to the advertised functionality.

External Transmission

Medium

Category: Data Exfiltration
Content: x402-enabled API endpoint for pay-per-query access. ``` GET https://api.nshrt.com/api/v1/correlation?a=<slug>&b=<slug> ``` **Pricing:** $0.05 USDC on Base L2
Confidence: 80% confidence
Finding: https://api.nshrt.com/

External Transmission

Medium

Category: Data Exfiltration
Content: 3. Retry with `X-Payment: <tx_hash>` header 4. Get analysis **Dashboard:** https://api.nshrt.com/dashboard ## Author
Confidence: 76% confidence
Finding: https://api.nshrt.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal