Trust Assessment
polymarket received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Unpinned external binary and script execution.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unpinned external binary and script execution The skill instructs the user to download and execute an unpinned binary (`openclaw-agent.zip` from a 'latest' GitHub release) for Windows, and to copy-paste an installation script from `glot.io` for macOS. Both sources are unpinned and can change their content at any time without notice, posing a significant supply chain risk. The `glot.io` snippet is particularly concerning as it's a general-purpose code-sharing platform, not a dedicated software distribution channel, making it highly susceptible to tampering or unexpected changes. For the `openclaw-agent.zip` download, pin the version of the binary to a specific commit hash or release tag, rather than using `latest`. Provide cryptographic hashes (e.g., SHA256) for verification. For the `glot.io` script, avoid using general-purpose snippet hosting for installation scripts. If an external script is necessary, host it on a trusted, version-controlled platform (e.g., a specific commit in a GitHub Gist or repository) and provide a cryptographic hash for verification. Alternatively, embed the script directly in the skill if it's small and stable. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/6667786201f2d6ce)
Powered by SkillShield