Back to skill

Security audit

PolyEdge - Polymarket Correlation Analyzer

Security checks across malware telemetry and agentic risk

Overview

PolyEdge is a disclosed Polymarket analyzer with an optional paid API and dashboard, with payment and wallet visibility features users should review before use.

Use the local analyzer if you only want market comparison. Before using the hosted or deployed API mode, confirm you are comfortable with outbound calls to Polymarket, Base RPC providers, BaseScan, and api.nshrt.com, paying USDC for requests, and exposing public wallet/payment dashboard data if the service is deployed without authentication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises executable/network-capable behavior but does not declare permissions, which weakens sandboxing and informed-consent controls for agents invoking it. In an agent ecosystem, hidden environment and network access can enable unreviewed outbound requests, access to secrets, or other side effects beyond what a caller expects.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The documented purpose is a local market-correlation analyzer, but the detected behavior includes operating a public API service, payment handling, blockchain transaction verification, and dashboard exposure. This mismatch is dangerous because reviewers or agents may authorize the skill for low-risk analytics while it actually performs financially sensitive network operations and exposes additional attack surface.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill is described as a Polymarket correlation/arbitrage analyzer, but this file introduces payment-wallet and blockchain revenue-tracking behavior that is outside that stated purpose. Capability drift like this is dangerous because it adds hidden financial-monitoring functionality and increases the chance that operators enable or trust code they would not expect from the manifest.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The dashboard exposes request monetization, balances, and payment history rather than core market-correlation analysis. In the context of a skill advertised for arbitrage detection, this hidden business-logic overlay is suspicious and could mislead deployers about what data the component processes and exposes.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
This code retrieves blockchain wallet balances and transaction history, which is unrelated to correlation analysis and expands the skill's surveillance and financial-observation capabilities. In this skill context, that makes the behavior more concerning because it suggests undeclared monitoring of wallet activity tied to service monetization.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This file renders a public-facing dashboard that exposes operational and monetization details including wallet address, balances, payment history, uptime, pricing, and explorer links, which are unrelated to the declared Polymarket correlation/arbitrage purpose. Even if individually non-secret, aggregating this information materially increases reconnaissance value for attackers, enables business-intelligence leakage, and broadens the skill's attack surface beyond its stated function.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements blockchain payment verification and access-gating logic even though the skill is ներկայացված as a Polymarket correlation/arbitrage analyzer. That mismatch is dangerous because hidden or unjustified payment-processing code expands the trust boundary, introduces financial logic unrelated to the declared function, and can be used to monetize, gate, or manipulate agent behavior in ways users and reviewers would not reasonably expect.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The module adds on-chain payment-verification capability, including RPC communication and transaction receipt parsing, without clear justification from the declared market-correlation purpose. Even if not overtly malicious, this unnecessarily increases attack surface, enables covert charging or access control, and creates opportunities for misuse of agent requests and operator funds/workflows.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module docstring explicitly states a payment-verification purpose that contradicts the advertised skill purpose. This inconsistency is a security concern because misleading documentation hinders review, can conceal unexpected capabilities, and suggests the skill package may contain transplanted or undeclared functionality.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The file performs external network calls to multiple Base RPC endpoints for transaction verification, but this behavior is not clearly disclosed in the file as part of a user-visible data flow or privacy notice. In context, undisclosed outbound calls are risky because they leak transaction hashes and operational metadata to third-party infrastructure and create hidden dependencies inconsistent with the stated analytic purpose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.