Polymarket Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill can perform the advertised Polymarket analysis, but its bundled script is wired to contact a billing service and attempt a per-use charge without explicit confirmation.

Review before installing. Use this only if you accept SkillPay integration and possible 0.001 USDT charge attempts when scripts/analyze.py runs. A safer version would remove hardcoded billing credentials, separate billing from analysis, and require explicit confirmation before any charge.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (8)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 81% confidence
Finding: The skill advertises web analysis behavior but declares no permissions while the content indicates network access and possible environment-backed configuration for billing. Undeclared capabilities reduce transparency and can bypass user or platform expectations about what the skill is allowed to access, especially when third-party billing is involved.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: This is a true behavior mismatch: the skill is presented as a market-analysis assistant, but it also introduces third-party SkillPay balance checks and automatic charging that can block core functionality. Hidden monetization and external calls are dangerous because users may trigger payment-related actions without informed consent, and embedded billing identifiers/API keys expand the risk of secret handling and unauthorized charges.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The script performs an unrelated external billing check before doing simple market-data analysis, and sends an environment-derived user identifier to that billing component. This creates unnecessary data exposure and an unexpected external dependency in a data-fetching utility, increasing privacy and supply-chain risk if the billing module is compromised or behaves unexpectedly.

Description-Behavior Mismatch

High

Confidence: 99% confidence
Finding: The file’s functionality is materially inconsistent with the declared skill purpose: instead of Polymarket market-data analysis, it embeds a billing workflow and payment collection logic. That mismatch is dangerous because hidden monetization or charging code in an analysis skill can enable unauthorized charges, deceptive behavior, and trust-boundary violations without clear user consent.

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The script can check balances, initiate charges, and generate payment links even though the skill is presented as a market-analysis assistant, not a payment product. In this context, hidden charging capability is especially risky because users invoking analysis features would not reasonably expect external billing actions or financial state changes.

Vague Triggers

Medium

Confidence: 76% confidence
Finding: Overly broad activation phrases can cause the skill to trigger during ordinary conversation, increasing the chance of unintended web requests or payment-gated workflow entry. In this skill, that risk is amplified by the documented billing path, because accidental activation could lead users into a charge/check flow they did not intend to invoke.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: An environment-derived user identifier is sent to an external billing function without any visible notice, consent, or runtime disclosure to the user. Even if the identifier is not highly sensitive by itself, transmitting it silently violates data-minimization expectations and can expose user/account metadata to third parties.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The code transmits user identifiers and billing-related data to an external service without prominently documenting that data flow in comments, docstrings, or user-facing disclosures. In a skill that claims to perform market analysis, this lack of transparency increases the risk of privacy violations and uninformed consent because users may not expect their identifiers to be sent to a third-party billing endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal