polymarket-telegram-picks

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Polymarket NBA odds-to-Telegram notifier, with no evidence of hidden data access or malicious behavior.

Install only if you want OpenClaw to fetch Polymarket NBA data and send AI-generated betting recommendations to your configured Telegram chat. Protect the bot token, confirm the chat ID, review any cron schedule before enabling it, and treat the recommendations as risky gambling-related content rather than financial advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3 (Medium)
Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill instructs the agent to execute local scripts, access environment variables or config files for Telegram credentials, and perform network exfiltration to Telegram, yet it declares no permissions. This weakens user awareness and platform enforcement, making it easier for a user to invoke a skill that can read secrets and send data externally without an explicit trust boundary.

Tp4 (High)
Category: MCP Tool Poisoning
Confidence: 97%
Finding:
The documented behavior materially differs from the actual capability set: the skill can read local Telegram credentials, send messages externally, and may only fetch NBA summaries rather than perform the broader AI recommendation workflow claimed. Description-behavior mismatch is dangerous because users may authorize the skill under false assumptions, while hidden data access or outbound transmission occurs outside the expected scope.

Vague Triggers (Medium)
Confidence: 84%
Finding:
The trigger phrases are broad enough that normal conversation about Polymarket analysis or daily picks could activate the skill unintentionally. Because activation leads to shell execution and potential Telegram delivery, ambiguous triggering increases the chance of unintended external actions and data transmission.

Missing User Warnings (Medium)
Confidence: 90%
Finding:
The skill tells the agent to send analysis content to Telegram without an explicit warning or confirmation before external transmission. Any automatic outbound send can leak user-generated or model-generated content to a third-party service or wrong chat if credentials are misconfigured, making the lack of warning a meaningful safety issue.

VirusTotal

64/64 vendors flagged this skill as clean.
