庄家异动探测器

Security checks across malware telemetry and agentic risk

Overview

This paid Polymarket skill is not clearly malicious, but it exposes payment-account authority and overstates what the code appears to provide.

Review before installing or paying. Only use this if the maintainer removes and rotates the hardcoded SkillPay key, pins or allowlists the SkillPay host, clearly identifies the payment recipient, and updates the description to match the actual Polymarket price-mover behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Tainted flow: 'url' from os.getenv (line 233, credential/environment) → requests.post (network output)

Critical

Category: Data Flow
Content: "title": "OpenClaw Skill Payment", "description": "Polymarket Movers x3", } r = requests.post(url, json=body, headers=headers, timeout=20) if r.status_code not in (200, 201): raise HTTPException(status_code=502, detail="SkillPay create charge failed") data = r.json()
Confidence: 95% confidence
Finding: r = requests.post(url, json=body, headers=headers, timeout=20)

Tainted flow: 'url' from os.getenv (line 233, credential/environment) → requests.get (network output)

Critical

Category: Data Flow
Content: raise HTTPException(status_code=400, detail="Missing SKILLPAY_API_KEY") url = f"{SKILLPAY_API_BASE.rstrip('/')}/v1/charges/{charge_id}" headers = {"Authorization": f"Bearer {SKILLPAY_API_KEY}"} r = requests.get(url, headers=headers, timeout=20) if r.status_code != 200: raise HTTPException(status_code=502, detail="SkillPay status query failed") data = r.json()
Confidence: 95% confidence
Finding: r = requests.get(url, headers=headers, timeout=20)

Context-Inappropriate Capability

Medium

Confidence: 88% confidence
Finding: The skill's observable purpose is to fetch and rank Polymarket movers, but it embeds billing logic that creates and polls external payment charges before returning data. That hidden monetization path is a security and trust concern because it introduces credentialed third-party interactions and charge creation not clearly justified by the skill's functionality or disclosed to users.

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The code reads and uses a payment-service secret despite no provided metadata establishing a need for credentialed external billing access. In context, this is more dangerous because the skill appears to be a simple market-data service, so bundling secret-backed payment actions expands attack surface and can lead to unauthorized external transactions or credential misuse.

Missing User Warnings

High

Confidence: 100% confidence
Finding: A live-looking default SkillPay API key is hardcoded directly in source and used automatically if no environment variable is set. This can expose the credential to anyone with code access, enable unauthorized charge creation or API abuse, and silently activate outbound payment behavior without operator awareness or user disclosure. In this skill context, that combination of secret exposure and hidden billing is especially dangerous.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal