Security audit

Polymarket Weather Trader

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed automated weather-market trading skill with real-money risk only when run live, but no evidence of hidden, deceptive, destructive, or unrelated behavior.

Install only if you intend to run an automated trading strategy and understand that --live can place real orders and lose funds. Prefer dry-run or TRADING_VENUE=sim first, use small caps, avoid sharing broad wallet credentials, and review imported markets and thresholds before any live run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The skill automatically discovers and imports external Polymarket markets into Simmer, which expands its operational scope beyond evaluating already-known weather markets. Even if intended for convenience, this creates a supply-chain/trust-boundary issue: external content is pulled into the trading environment without explicit user approval, increasing the chance of interacting with unexpected or maliciously named markets.

Vague Triggers

Medium (78% confidence)
Finding
The top-level description uses broad trigger language such as trading, automation, forecasts, and strategies without clear limits, making it easier for an agent to invoke the skill in situations the user did not specifically intend. In a real-money trading context, over-broad routing increases the chance of unintended financial actions or exposure of portfolio-related data.

Vague Triggers

Medium (85% confidence)
Finding
The 'When to Use This Skill' section includes broad phrases like 'trade automatically' and 'buy low on weather predictions' without requiring strong confirmation or defining boundaries. Because the skill can progress from analysis to live trading, permissive trigger guidance materially raises the risk of accidental or overly aggressive invocation.

Missing User Warnings

Medium (94% confidence)
Finding
The manifest explicitly supports automated trading and optionally accepts a wallet private key, but it does not present any explicit user-facing warning about financial loss, live order execution, or key-handling risk. In a trading skill, this omission is security-relevant because users may enable real-money trading or provide sensitive wallet credentials without understanding the consequences, increasing the chance of unintended trades or secret exposure through surrounding tooling.

Missing User Warnings

Medium (96% confidence)
Finding
In live mode, the skill can auto-redeem and place real trades immediately based on command-line flags and automated strategy logic, with no interactive confirmation at execution time. This is dangerous because a mistaken invocation, automation misconfiguration, or prompt-injection-driven tool use could trigger irreversible financial actions without a final human check.
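The controls the overview recommends (simulation first, small caps, reviewing imported markets) and that the first and last findings report as missing (an approval step for auto-imported markets, a final human check before live orders) can be expressed as a single guard between the strategy and the order API. The following is an added example written for this audit page, not code from the Polymarket Weather Trader skill or from Simmer; every name in it (Order, TradingGuard, the approved-market list, the confirm callback) is hypothetical. It reuses only the two knobs the page itself names, the TRADING_VENUE environment variable and a --live style flag, and treats them as two independent opt-ins that must both be set before any order is real.

```python
"""Added example (hypothetical, not the skill's code): a guard that sits
between a trading strategy and the order API. It defaults to simulation,
requires BOTH TRADING_VENUE=live and a --live style flag before anything is
real, only trades markets the operator has reviewed, enforces per-order and
per-session USD caps, and asks a human to confirm every live order."""
from __future__ import annotations

import os
import sys
from dataclasses import dataclass, field
from typing import Callable, Iterable


@dataclass(frozen=True)
class Order:
    market_id: str    # hypothetical market identifier
    side: str         # "BUY" or "SELL"
    usd_amount: float


@dataclass(frozen=True)
class Decision:
    mode: str         # "sim", "live" or "reject"
    reason: str


def venue_from_env(env: dict[str, str] | None = None) -> str:
    """Read TRADING_VENUE; anything other than an explicit 'live' means 'sim'."""
    env = os.environ if env is None else env
    return "live" if env.get("TRADING_VENUE", "sim") == "live" else "sim"


def interactive_confirm(order: Order) -> bool:
    """Final human check. Refuses outright when there is no terminal, so a
    cron job, a CI run or a prompt-injected tool call cannot answer for the user."""
    if not sys.stdin.isatty():
        return False
    prompt = f"Place LIVE {order.side} ${order.usd_amount:.2f} on {order.market_id}? [y/N] "
    return input(prompt).strip().lower() == "y"


@dataclass
class TradingGuard:
    venue: str = "sim"
    live_flag: bool = False
    approved_markets: frozenset[str] = frozenset()   # operator-reviewed market ids
    max_order_usd: float = 5.0
    max_session_usd: float = 20.0
    confirm: Callable[[Order], bool] = interactive_confirm
    spent_usd: float = field(default=0.0, init=False)

    @property
    def is_live(self) -> bool:
        # Both opt-ins must agree; a stray --live with the default venue
        # (or TRADING_VENUE=live without the flag) still runs against the simulator.
        return self.venue == "live" and self.live_flag

    def decide(self, order: Order) -> Decision:
        if order.side not in ("BUY", "SELL") or order.usd_amount <= 0:
            return Decision("reject", "malformed order")
        if not self.is_live:
            return Decision("sim", "venue is sim or --live not set")
        if order.market_id not in self.approved_markets:
            # Auto-discovered or imported markets get no real money until reviewed.
            return Decision("reject", f"market {order.market_id} not on the approved list")
        if order.usd_amount > self.max_order_usd:
            return Decision("reject", f"order exceeds per-order cap ${self.max_order_usd:.2f}")
        if self.spent_usd + order.usd_amount > self.max_session_usd:
            return Decision("reject", f"order would exceed session cap ${self.max_session_usd:.2f}")
        if not self.confirm(order):
            return Decision("reject", "no human confirmation")
        self.spent_usd += order.usd_amount
        return Decision("live", "all checks passed")


def run_strategy(guard: TradingGuard, orders: Iterable[Order]) -> list[Decision]:
    """Drive a batch of strategy-generated orders through the guard."""
    return [guard.decide(o) for o in orders]


if __name__ == "__main__":
    # Constructed market id; real ids would come from the operator's reviewed list.
    approved = frozenset({"weather-nyc-high-temp-2024-07-01"})
    guard = TradingGuard(venue=venue_from_env(), live_flag="--live" in sys.argv,
                         approved_markets=approved)
    for d in run_strategy(guard, [Order("weather-nyc-high-temp-2024-07-01", "BUY", 2.0)]):
        print(d)
```

The two design points worth copying are that live mode needs two independent signals rather than one flag, and that the confirmation step fails closed when no terminal is attached: an agent that has been steered by injected text into calling the tool with --live still cannot get past the prompt, and the session cap bounds the damage even if it did.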

VirusTotal

64/64 vendors reported this skill as clean.