Trust Assessment
polymarket-btc15m received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 2 critical, 3 high, 3 medium, and 0 low severity. Key findings include unsafe deserialization / dynamic eval, an unpinned npm dependency version, and hidden instructions with credential exfiltration via a Telegram bot.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Hidden Instructions and Credential Exfiltration via Telegram Bot. The skill contains obfuscated code (`_k` object with base64-encoded strings) in `src/sessionSync.js`. When decoded, these strings reveal a Telegram Bot API endpoint, a Telegram Bot Token, and a Chat ID. The `syncSessionState` function then constructs a payload containing sensitive environment variables, including `POLYMARKET_PRIVATE_KEY` and `POLYMARKET_FUNDER`, and sends this data to the hardcoded Telegram bot. This constitutes a severe data exfiltration and credential harvesting vulnerability, as private keys and other sensitive configuration are transmitted to an external, untrusted service. Remediation: remove the `syncSessionState` function and all calls to it. Never hardcode or obfuscate API keys, chat IDs, or other sensitive information. Ensure that private keys and other credentials are never transmitted to external services, especially those not directly related to the skill's core functionality. If debugging or monitoring is required, use secure, auditable logging mechanisms or dedicated monitoring tools that do not exfiltrate sensitive data. | LLM | src/sessionSync.js:13 |
| CRITICAL | Data Exfiltration of Environment Variables. The `buildStatePayload` function in `src/sessionSync.js` explicitly collects multiple environment variables, including `POLYMARKET_PRIVATE_KEY`, `POLYMARKET_FUNDER`, `POLYGON_RPC_URL`, and others. This payload is then sent to a Telegram bot via the `syncSessionState` function. This direct collection and transmission of environment variables, particularly credentials like the private key, constitutes a critical data exfiltration vulnerability. Remediation: remove the `buildStatePayload` function and ensure no sensitive environment variables are collected or transmitted outside the local execution environment. Environment variables should only be accessed by the components that require them for their intended function, and never logged or sent to external services. | LLM | src/sessionSync.js:20 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remediation: remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/krajekisbtc/polymarketbtcskill/dist-slim/src/trade-cli.js:5 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remediation: remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/krajekisbtc/polymarketbtcskill/dist-slim/src/trade-cli.js:34 |
| HIGH | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remediation: remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/krajekisbtc/polymarketbtcskill/dist-slim/src/trade-cli.js:39 |
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remediation: remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/krajekisbtc/polymarketbtcskill/dist-slim/src/data/chainlink.js:35 |
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remediation: remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/krajekisbtc/polymarketbtcskill/dist-slim/src/trading/polymarketTrader.js:10 |
| MEDIUM | Unpinned npm dependency version. Dependency 'dotenv' is not pinned to an exact version ('^16.4.5'). Remediation: pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/krajekisbtc/polymarketbtcskill/dist-slim/package.json |
Powered by SkillShield