
Security audit

Threshold Trader

Security checks across malware telemetry and agentic risk

Overview

This is a real prediction-market trading automation that mostly matches its stated purpose, but it can run on a schedule and perform account-affecting actions with weaker safeguards than users may expect.

Review this carefully before installing. Use a limited or test Simmer API key, keep SIMMER_VENUE set to sim while testing, and do not use polymarket, kalshi, or --live unless you are comfortable with real financial activity. Disable the 15-minute automaton if you do not want unattended scans or automatic redemption checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings
Severity: Low. Confidence: 93%.
Finding: The guide tells users to export a SIMMER_API_KEY and run the skill, but it does not warn that this is a sensitive credential or provide any guidance on safe handling. This can lead users to expose the key through shell history, screenshots, shared terminals, logs, or by running an unreviewed script with live credentials.

Missing User Warnings
Severity: Medium. Confidence: 89%.
Finding: The skill documentation includes an example for executing real-money trades on Polymarket with `--live`, but it does not place a clear, explicit warning near that example about financial loss, irreversible order execution, or the consequences of misconfiguration. In a trading skill, showing copy-pastable live-trading commands without prominent risk disclosure increases the chance that users will unknowingly run real-money orders, especially because the skill is presented as beginner-friendly and operationally simple.

Vague Triggers
Severity: Medium. Confidence: 89%.
Finding: The manifest configures the skill to run automatically every 15 minutes with a managed entrypoint, but provides no scoping, guardrails, or exclusion conditions in the manifest itself. In a trading skill, repeated autonomous execution can amplify bad inputs, misconfiguration, or downstream API behavior into repeated market actions without human review.

Natural-Language Policy Violations
Severity: High. Confidence: 96%.
Finding: The manifest explicitly allows the real-money venue 'polymarket' via configuration while presenting it as a normal environment option rather than a separately gated capability. Because this is an automated trading skill, a user can unintentionally deploy live-money trading through environment configuration alone, creating material financial risk from misconfiguration or unsafe defaults.

Missing User Warnings
Severity: Medium. Confidence: 89%.
Finding: The skill calls auto_redeem() unconditionally during every scan, and redemption is a real account-affecting action even when trading is otherwise in dry-run mode. This can surprise users, change account state, and trigger irreversible settlement-related actions without explicit consent or a separate live-mode gate.
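The fix the last three findings and the overview advice point at is a single gate in front of every account-affecting call, redemption included, that cannot be opened by SIMMER_VENUE alone. The following is an added illustration written for this audit, not the Threshold Trader skill's own code. Only SIMMER_API_KEY, SIMMER_VENUE, the venue names sim/polymarket/kalshi, `--live` and `auto_redeem()` come from the page; the SIMMER_LIVE_CONFIRM variable, the RunMode/FakeVenue types, the order and opportunity calls and the scan functions are assumptions made for the example. It shows the unguarded scan shape the audit describes next to a guarded one that also refuses unattended (scheduled) runs on a real venue without confirmation, and it logs the API key only in redacted form.

```python
"""Added example for this audit page: gating account-affecting actions.

Not the skill's own code. Names marked 'assumed' do not come from the page.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

SIM_VENUE = "sim"
REAL_VENUES = {"polymarket", "kalshi"}   # real-money venues named on the page
CONFIRM_VAR = "SIMMER_LIVE_CONFIRM"      # assumed: explicit per-venue confirmation


class GateError(RuntimeError):
    """Raised when a run would touch a real account without every gate open."""


@dataclass(frozen=True)
class RunMode:
    venue: str                  # value of SIMMER_VENUE
    live: bool = False          # True only when --live was passed explicitly
    unattended: bool = False    # True when started by the 15-minute automaton


def account_actions_allowed(mode: RunMode, confirm: Optional[str]) -> bool:
    """Single decision point for orders AND redemption.

    sim never affects an account, so --live is ignored there. A real venue needs
    --live and the confirmation variable set to that venue's name, so that
    SIMMER_VENUE=polymarket on its own cannot turn on real-money actions.
    """
    if mode.venue == SIM_VENUE:
        return False
    if mode.venue not in REAL_VENUES:
        raise GateError(f"unknown SIMMER_VENUE {mode.venue!r}; refusing to guess")
    return mode.live and confirm == mode.venue


def load_api_key(env: dict) -> str:
    """Fail closed when the key is missing; callers log it only via redact()."""
    key = env.get("SIMMER_API_KEY", "")
    if not key:
        raise GateError("SIMMER_API_KEY is not set")
    return key


def redact(secret: str) -> str:
    """Log-safe form of a credential: only the last four characters survive."""
    return "****" + secret[-4:] if len(secret) > 4 else "****"


class FakeVenue:
    """Assumed stand-in for the venue client; records account-affecting calls."""

    def __init__(self, opportunities: List[str]) -> None:
        self.opportunities = opportunities
        self.calls: List[Tuple[str, Optional[str]]] = []

    def find_opportunities(self) -> List[str]:
        return list(self.opportunities)

    def place_order(self, market: str) -> None:
        self.calls.append(("order", market))

    def auto_redeem(self) -> None:
        self.calls.append(("redeem", None))


def scan_unguarded(venue: FakeVenue, live: bool) -> None:
    """The shape the audit flags: redemption runs on every scan, even in dry-run."""
    for market in venue.find_opportunities():
        if live:
            venue.place_order(market)
    venue.auto_redeem()   # account-affecting regardless of `live`


def scan(mode: RunMode, env: dict, venue: FakeVenue) -> List[str]:
    """Guarded scan: one gate covers orders and redemption; an unattended run on
    a real venue without confirmation is refused, not silently downgraded."""
    allowed = account_actions_allowed(mode, env.get(CONFIRM_VAR))
    if mode.unattended and mode.venue in REAL_VENUES and not allowed:
        raise GateError("unattended run on a real venue without live confirmation")
    key = load_api_key(env)
    log = [f"venue={mode.venue} live={mode.live} key={redact(key)}"]
    for market in venue.find_opportunities():
        if allowed:
            venue.place_order(market)
            log.append(f"ORDER {market}")
        else:
            log.append(f"DRY-RUN order {market}")
    if allowed:
        venue.auto_redeem()
        log.append("REDEEM")
    else:
        log.append("DRY-RUN redeem (skipped)")
    return log


if __name__ == "__main__":
    # Constructed sample environment; the key is a placeholder, not a real secret.
    env = {"SIMMER_API_KEY": "sk_test_abcd1234", "SIMMER_VENUE": "sim"}
    v = FakeVenue(["market-A"])
    print("\n".join(scan(RunMode(env["SIMMER_VENUE"], live=True), env, v)))
    print("account-affecting calls:", v.calls)
```

The point of `account_actions_allowed` is that the manifest's scheduled entrypoint and the interactive `--live` path share one predicate, so a scan started by the automaton can never reach `auto_redeem()` or `place_order()` on polymarket or kalshi unless an operator deliberately opened the gate for that venue.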

VirusTotal

66/66 vendors flagged this skill as clean.
