Security audit

Polymarket CLI

Security checks across malware telemetry and agentic risk

Overview

This is a real Polymarket CLI helper, but it gives an agent insufficiently scoped authority over live trading, wallet, and credential actions.

Install only if you intentionally want an agent to help operate a Polymarket wallet. Use a separate low-balance wallet, avoid putting private keys in chat or shell arguments, prefer a pinned and reviewed install method, and require manual confirmation before every trade, approval, bridge action, API-key change, bulk cancel, or wallet reset.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill explicitly instructs the agent to directly execute write operations such as order placement, cancellations, approvals, bridge deposits, API key management, and wallet reset after only a technical precheck, with no requirement for explicit user confirmation or irreversible-action warning. In a trading and wallet-management context, this can cause unintended financial loss, unauthorized asset movement, or destructive account changes if the user request is ambiguous, injected, or misinterpreted.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The installation guidance prioritizes a network-fetched shell script executed via curl-to-shell, without any integrity verification, pinning, or warning. If the remote source, GitHub account, transport, or referenced branch is compromised, the user may execute arbitrary code on the host with the privileges of the current user.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation explicitly shows passing a private key on the command line and importing raw private keys without a prominent warning. Command-line secrets can be exposed via shell history, process listings, logs, or terminal recordings, making credential compromise more likely in real-world operator use.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The wallet reset command is destructive, and the current note is too minimal for an operation that may remove configuration and potentially unrecoverable key material. Users following a quick-reference sheet may execute it without understanding the permanence of the action, causing account lockout or loss of locally stored secrets.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
These commands perform live trading actions, including order placement, market orders, and broad cancellations such as cancel-all, but the reference does not clearly warn that they affect real funds and positions. In an automation-oriented terminal skill, omission of a strong warning increases the chance of accidental financial loss or unintended market activity.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
API key lifecycle commands are documented without explaining that keys are sensitive credentials and that deletion may break automations or integrations. Users may expose generated keys insecurely or revoke keys without understanding operational impact, leading to account misuse or service disruption.

VirusTotal

66/66 vendors flagged this skill as clean.