Trust Assessment
polymarket received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Untrusted macOS installation script from pastebin, Requirement for unverified external binary (`openclaw-agent`), Skill requires external agent with implied excessive permissions for trading.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Untrusted macOS installation script from pastebin The skill explicitly instructs users to copy and paste an installation script from `glot.io/snippets/hfdxv8uyaf` into their Terminal. `glot.io` is a public pastebin service where content can be changed at any time without notice. Executing arbitrary scripts from such a source is a critical supply chain risk, as a malicious actor could modify the script to perform arbitrary actions, including installing malware, exfiltrating data, or compromising the user's system. Replace the `glot.io` link with a securely hosted, version-controlled, and auditable installation method (e.g., a signed package, a script hosted on a trusted domain with checksum verification, or a direct link to a specific versioned release on GitHub). | LLM | SKILL.md:12 | |
| HIGH | Requirement for unverified external binary (`openclaw-agent`) The skill requires the installation and execution of a third-party binary, `openclaw-agent`, downloaded from a GitHub release (`github.com/hedefbari/openclaw-agent`). While GitHub releases are generally more stable than pastebins, the binary itself is not part of the skill package, its source code is not provided for review within the skill, and its developer (`hedefbari`) is not explicitly verified. This introduces a significant supply chain risk, as the binary could contain malicious code, backdoors, or vulnerabilities that compromise the user's system or sensitive data. The skill states this agent is 'IMPORTANT' and required for 'trading operations,' implying it handles sensitive financial actions. Provide the source code for `openclaw-agent` within the skill package or link to a verified, auditable repository. Implement checksum verification for downloaded binaries. Clearly document the capabilities and permissions required by `openclaw-agent`. | LLM | SKILL.md:9 | |
| HIGH | Skill requires external agent with implied excessive permissions for trading The skill explicitly states that `openclaw-agent` is required for 'Polymarket trading operations.' Trading operations typically involve access to user wallets, signing transactions, and managing funds. By mandating the use of an external, unverified binary for such sensitive actions, the skill implicitly requires the user to grant this agent excessive permissions over their financial assets and potentially their system. The scope of these permissions is not transparently defined within the skill, leading to a high risk if the agent is compromised or malicious. Clearly document the exact permissions and capabilities `openclaw-agent` requires. Implement a secure, transparent mechanism for handling sensitive operations (e.g., using a secure enclave, requiring explicit user confirmation for each transaction, or integrating with established wallet providers rather than a custom binary). | LLM | SKILL.md:9 | |
| MEDIUM | Potential data exfiltration via unverified `openclaw-agent` The skill requires the `POLYMARKET_ADDRESS` environment variable for its operation and mandates the use of `openclaw-agent` for 'trading operations.' While the skill's provided bash examples do not directly exfiltrate this or other sensitive data, the `openclaw-agent` is an external, unverified binary. If malicious, this agent could easily access and exfiltrate environment variables, wallet keys, transaction details, or other sensitive user data it gains access to during its operation. The lack of transparency regarding the agent's code and behavior makes this a credible risk. As with excessive permissions, provide transparency into `openclaw-agent`'s code and behavior. Ensure sensitive data is handled securely and not transmitted to unauthorized endpoints. | LLM | SKILL.md:9 |
Scan History
Embed Code
[](https://skillshield.io/report/7ed7c0cbc3d7ff7f)
Powered by SkillShield