Security audit

Polymarket Elon Tweets

Security checks across malware telemetry and agentic risk

Overview

This is a real trading helper, but it asks for highly sensitive wallet access and can place real market trades, so it should be reviewed carefully before use.

Install only if you understand it can place real trades in live mode. Prefer managed-wallet or safer signing flows, avoid using a production wallet private key, use a dedicated low-balance wallet if self-custody is required, and treat status output as sensitive financial account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding:
The skill includes an import_event capability that can create or add market resources in Simmer rather than only trading already-available markets. In this context, that expands the skill's side effects beyond the declared trading-only scope, which increases operational risk and can surprise users or automation systems that expected read/search plus trading behavior only.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The main strategy path automatically attempts to import missing Polymarket events when searches return no existing markets, which is broader behavior than the manifest description suggests. This mismatch can cause unintended external side effects and violates least surprise, especially in agent environments where users may authorize trading but not resource creation/import operations.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding:
The script’s actual behavior targets a Simmer account portfolio and positions API, which is materially unrelated to the declared Polymarket/XTracker Elon tweet trading purpose. This kind of capability mismatch is dangerous because it can trick users or automated systems into supplying unrelated financial credentials and exposing sensitive account data under false pretenses.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding:
The code reads a SIMMER_API_KEY even though the skill is presented as Polymarket/XTracker-related, indicating collection and use of credentials outside the advertised function. In a skill ecosystem, this mismatch increases the risk of credential phishing, unauthorized account inspection, and covert expansion of the skill’s access beyond what users intended to grant.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The embedded documentation explicitly describes a 'Simmer Account Status' tool, contradicting the declared Polymarket Elon tweet trading skill. This inconsistency is a strong indicator of deceptive packaging: users may invoke or install the skill for one purpose while unknowingly running code that inventories another financial account, making the context more dangerous because the skill operates in a finance/credential-bearing domain.

Vague Triggers

Severity: Medium
Confidence: 79%
Finding:
The description is broad enough to trigger on generic trading or automation requests, which can cause the agent to select a high-risk live-trading skill in situations where the user did not explicitly request wallet-connected market execution. In this context, overbroad routing is more dangerous because the skill can lead to real financial trades and collection of sensitive credentials.

Missing User Warnings

Severity: High
Confidence: 97%
Finding:
The skill instructs users to provide and store a wallet private key in an environment variable, but it does not give strong operational security guidance or recommend safer alternatives. Because this is a live-trading skill tied to a funded wallet, mishandling that key could result in total wallet compromise and irreversible asset loss.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding:
The manifest enables a managed automaton entrypoint but provides no explicit trigger conditions, guardrails, or exclusions describing when the trading logic should run. In a financial trading skill, ambiguous activation scope increases the chance of unintended autonomous execution, which can place trades without sufficiently clear user intent or contextual constraints.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The manifest advertises live trading functionality and references optional use of a wallet private key, but it does not present an explicit warning about irreversible financial actions, loss risk, or secret-handling sensitivity. In this context, users may enable the skill or supply credentials without understanding that it can execute market trades or expose high-value secrets if misconfigured.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.