Trust Assessment
polymarket-trading received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Insecure Handling of Private Key, Command Injection via Unsanitized URL Parameters in `curl`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Insecure Handling of Private Key The `scripts/place-order.sh` script loads a highly sensitive Ethereum private key from a configuration file (`~/.config/polymarket/credentials.json`) or environment variables (`POLYMARKET_PRIVATE_KEY`). While the provided script currently uses a placeholder for the transaction signature, the explicit loading of a private key indicates the intent for its use in signing. Storing and loading private keys directly into shell scripts, especially without robust isolation or hardware security modules, exposes them to significant risks such as process snooping, history file leakage, or accidental logging. An attacker gaining control of the agent's execution environment could potentially exfiltrate this key, leading to compromise of the associated wallet. Implement secure key management practices. Avoid loading private keys directly into shell scripts. Consider using a dedicated signing service, a secure enclave, or a Web3 wallet integration that handles key management externally and only provides signed transactions or prompts for user confirmation. If environment variables are used, ensure they are never logged or exposed, and restrict access to the environment where the script runs. | LLM | scripts/place-order.sh:7 | |
| HIGH | Command Injection via Unsanitized URL Parameters in `curl` The `scripts/check-positions.sh` and `scripts/list-markets.sh` scripts construct `curl` commands by directly interpolating user-controlled variables (e.g., `MARKET`, `CATEGORY`, `SEARCH`, `SORT`) into the URL query string without proper sanitization or quoting. If an attacker can control these input variables (e.g., by crafting malicious arguments to the skill's scripts), they could inject shell metacharacters (like `;`, `|`, `$(...)`) to execute arbitrary commands on the host system. For example, in `list-markets.sh`, if `--category` is provided as `foo; evil_command; #`, the `curl` command would become `curl ... &category=foo; evil_command; #`, leading to `evil_command` execution. Always quote variables used in shell commands, especially when they originate from user input. For URL parameters, URL-encode the values before concatenating them into the URL string. For `curl`, consider using the `-G` and `--data-urlencode` options for GET requests to handle parameters safely, or explicitly quote and escape variables. | LLM | scripts/list-markets.sh:34 | |
| MEDIUM | Missing required field: name The 'name' field is required for openclaw skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/kellyclaudeai/polymarket-trading/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/806059b449cf5ca7)
Powered by SkillShield