Back to skill

Security audit

Polymarket Mert Sniper

Security checks across malware telemetry and agentic risk

Overview

This is a real-money Polymarket trading skill with coherent purpose, but it has under-disclosed account-changing behavior and inconsistent risk limits that users should review carefully.

Review this skill before installing with real funds. Use dry-run first, verify which limits the platform will actually apply, avoid enabling broad smart sizing, and do not provide WALLET_PRIVATE_KEY unless you understand that it can authorize trades from the wallet. Be aware that the code attempts to redeem existing winning positions automatically, not just place new near-expiry trades.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest tunables materially widen the strategy beyond the description's 'near-expiry conviction trading' with bounded defaults. In particular, expiry can be set up to 120 minutes, max bet defaults to 50 despite the description claiming 10, and sizing can reach 100% of available balance, allowing substantially riskier live trading behavior than users would reasonably expect from the skill metadata.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill automatically redeems winning positions before running the advertised near-expiry scanning/trading logic, which is a side effect outside the stated scope. In a trading agent, undisclosed autonomous portfolio actions are dangerous because they can change holdings, trigger taxable/accounting events, and violate operator expectations even if the action is economically reasonable.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to place a wallet private key in an environment variable for automatic client-side signing without prominently warning that this secret grants direct control over funds. In a trading context, credential mishandling is especially dangerous because compromise of the private key can immediately lead to irreversible asset theft or unauthorized trades.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.