Trust Assessment
polymarket-arbitrage received a trust score of 17/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, Suspicious import: requests, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 68/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/johny0920/polymarket-arbitrage/scripts/monitor.py:30 | |
| CRITICAL | Command Injection via user-controlled data directory path The `scripts/monitor.py` script uses `subprocess.run(cmd, shell=True)` to execute other Python scripts. The `cmd` string is constructed using f-strings that include file paths derived from the `--data-dir` command-line argument. Since `shell=True` is used, if a malicious user provides a `--data-dir` value containing shell metacharacters (e.g., `'; rm -rf /'`), these characters will be interpreted and executed by the shell, leading to arbitrary command execution. The `Path` object for `data_dir` is converted to a string before interpolation into the f-string, making it vulnerable. Avoid `shell=True` when executing external commands. Instead, pass the command and its arguments as a list to `subprocess.run()`. For example, `subprocess.run([sys.executable, str(script_dir / 'fetch_markets.py'), '--output', str(markets_file), '--min-volume', '50000'])`. If `shell=True` is strictly necessary, ensure all user-controlled inputs are rigorously sanitized or escaped using `shlex.quote()` before being interpolated into the command string. | LLM | scripts/monitor.py:107 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_command'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/johny0920/polymarket-arbitrage/scripts/monitor.py:30 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/johny0920/polymarket-arbitrage/scripts/fetch_markets.py:18 | |
| LOW | Unpinned dependencies in installation instructions The `SKILL.md` file instructs users to install `requests` and `beautifulsoup4` without specifying version pins. This can lead to non-deterministic builds, compatibility issues, or introduce security vulnerabilities if a new version of a dependency contains breaking changes or known exploits. It's best practice to pin dependencies to specific, known-good versions. Pin dependencies to specific versions (e.g., `requests==2.28.1 beautifulsoup4==4.11.1`) to ensure reproducible builds and mitigate risks from unexpected updates. Consider using a `requirements.txt` file. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/34a5f553511a5be3)
Powered by SkillShield