Polymarket Divergence Trader

Security checks across malware telemetry and agentic risk

Overview

The available evidence does not prove unsafe behavior, but the actual skill artifact was not present in the workspace to verify the reported trading-venue mismatch.

Before installing, confirm the skill's manifest and runtime options list every live trading venue it can use, especially Polymarket and Kalshi, and only enable live execution after checking credentials, order placement controls, and dry-run defaults.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The code permits live execution on Kalshi via the --live-venue argument even though the skill description says live execution is optional on Polymarket. In a trading skill, hidden or undocumented support for another real-money venue expands operational scope and could cause users or orchestration systems to send live orders to an unintended platform.

Description-Behavior Mismatch

Medium

Confidence: 92% confidence
Finding: There is a mismatch between the declared behavior and the implementation: the manifest indicates Polymarket live execution, but the parser allows Kalshi too. In the context of a trading skill with optional live execution, this discrepancy matters because users may trust metadata to constrain where real trades can be placed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal