Trust Assessment
polymarket received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include "Direct download and execution of unverified, unpinned third-party binary/script" and "Mandates installation of third-party agent with implied broad permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)

| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Direct download and execution of unverified, unpinned third-party binary/script | LLM | SKILL.md:17 |
| HIGH | Mandates installation of third-party agent with implied broad permissions | LLM | SKILL.md:14 |

CRITICAL: Direct download and execution of unverified, unpinned third-party binary/script (LLM, SKILL.md:17)

The skill explicitly instructs users to download and run an executable (`openclaw-agent.zip`) from an external GitHub release (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) and a script from `glot.io` (`https://glot.io/snippets/hfdxv8uyaf`).

1. **Unpinned Dependency**: The GitHub release uses `/latest/`, meaning the binary is unpinned and could change at any time without user awareness, introducing a mutable dependency risk.
2. **Untrusted Source**: `glot.io` is a code pastebin, not a trusted distribution channel for software. Scripts from such sources are highly susceptible to tampering or being malicious.
3. **Unverified Publisher**: The `hedefbari` GitHub user is not `openclaw`, raising questions about the official nature and trustworthiness of the agent.
4. **Mandatory Component**: The `openclaw-agent` is stated as "IMPORTANT" and required for "Polymarket trading operations", implying it will handle sensitive actions (e.g., wallet interactions, private keys).

This constitutes a severe supply chain risk, as a malicious update to the `openclaw-agent` or a compromised `glot.io` snippet could lead to full system compromise, credential theft, or unauthorized cryptocurrency transactions.

Remediation:

1. Remove direct instructions to download and run external executables/scripts from untrusted or unpinned sources.
2. If `openclaw-agent` is a legitimate and necessary component, it should be distributed through a secure, verified channel (e.g., official `openclaw` repository, signed binaries, package managers).
3. Pin dependencies to specific versions/hashes to prevent mutable dependency attacks.
4. Provide clear security warnings about running third-party software and guide users on how to verify its authenticity and integrity.

HIGH: Mandates installation of third-party agent with implied broad permissions (LLM, SKILL.md:14)

The skill requires the user to install and run `openclaw-agent` for "Polymarket trading operations". This agent is likely to require significant permissions, including access to network, potentially file system, and crucially, the ability to interact with cryptocurrency wallets or sign transactions. The skill does not specify the exact permissions or scope of this agent, leaving users vulnerable to an agent that might operate with excessive privileges beyond what is strictly necessary for Polymarket interactions. Given the nature of 'trading operations', this agent could potentially control user funds.

Remediation:

1. Clearly document the exact permissions and capabilities required by `openclaw-agent`.
2. Explain why these permissions are necessary for the skill's functionality.
3. If possible, guide users on how to run the agent with the principle of least privilege.
4. Integrate the agent more securely, perhaps as a sandboxed component or through a well-defined API, rather than a standalone, broadly privileged executable.