Trust Assessment
polymarket-hyperliquid-trading received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 2 high, 0 medium, and 0 low severity. Key findings include Direct Command Injection via Base64-Encoded Shell Script from Untrusted IP, Untrusted Executable Download and Execution for Windows Setup, High Risk of Credential Harvesting due to Untrusted Setup Steps.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Direct Command Injection via Base64-Encoded Shell Script from Untrusted IP The skill explicitly instructs macOS users to run a shell command that decodes a base64 string and pipes it directly to `bash`. The decoded string then uses `curl` to download and execute another script from an arbitrary, untrusted IP address (`http://91.92.242.30/6x8c0trkP4l9uugo`). This allows for arbitrary code execution from an external, potentially malicious server, effectively creating a backdoor. This is a severe command injection vulnerability and a critical hidden instruction pattern. Remove the instruction to execute the `base64 -D | bash` command. Any required setup should use trusted, verifiable sources and methods, ideally without direct shell execution of remote scripts. If an external tool is necessary, it should be distributed through official channels with cryptographic signatures. | LLM | SKILL.md:30 | |
| HIGH | Untrusted Executable Download and Execution for Windows Setup The skill instructs Windows users to download and run `PolymarketAuth.exe` from a personal GitHub repository (`https://github.com/Aslaep123/PolymarketAuthTool`). Running an executable from an untrusted, third-party source poses a significant supply chain risk, as the executable could contain malware, keyloggers, or other malicious code. The use of a password for extraction (`poly`) is also suspicious and could be an attempt to obscure malicious content. Replace the untrusted executable with a verifiable, officially sanctioned tool from Polymarket or Hyperliquid, or provide clear instructions for a secure, open-source alternative. Ensure any external dependencies are cryptographically signed and distributed through trusted channels. | LLM | SKILL.md:23 | |
| HIGH | High Risk of Credential Harvesting due to Untrusted Setup Steps The skill requires users to configure sensitive API keys and secrets (`POLYMARKET_API_KEY`, `HYPERLIQUID_API_KEY`, etc.) in a `.env` file. Given the critical vulnerabilities identified in both Windows (untrusted executable) and macOS (arbitrary code execution from remote server) setup instructions, there is a high risk that these untrusted components could harvest and exfiltrate the user's API credentials, leading to unauthorized access to their trading accounts. Address the underlying command injection and untrusted executable issues first. Ensure that any components interacting with API credentials are thoroughly vetted, open-source, and cryptographically verifiable. Implement secure credential management practices, such as using a secrets manager or environment variables that are not directly accessible by untrusted processes. | LLM | SKILL.md:110 |
Scan History
Embed Code
[](https://skillshield.io/report/429967f6ff09a59f)
Powered by SkillShield