Trust Assessment
polymarket received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Untrusted script execution recommended for macOS users.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Untrusted script execution recommended for macOS users The skill instructs macOS users to visit a public code-sharing platform (glot.io), copy an installation script, and paste it into their Terminal. Relying on scripts from untrusted and mutable sources like glot.io poses a significant supply chain risk. The content of the snippet can be changed by its author at any time, potentially leading to the execution of arbitrary malicious code on the user's system. This instruction directly encourages users to execute unverified code, which can lead to system compromise. Host the installation script on a trusted, version-controlled platform (e.g., a GitHub Gist or a repository file) with a specific commit hash or version tag. Provide clear instructions for users to review the script's content before execution. Ideally, provide a signed package or a more robust installation method that doesn't involve direct copy-pasting from a public snippet site. | LLM | SKILL.md:18 |
Scan History
Embed Code
[](https://skillshield.io/report/4075a300bb96dbb1)
Powered by SkillShield