Trust Assessment
polymarket-trading received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Typosquatting and Unpinned Dependencies in Skill Installation, Private Key Export Functionality, Private Key Passed as Command-Line Argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Typosquatting and Unpinned Dependencies in Skill Installation The skill installation instructions include a `curl` command to download `HEAERBEAT.md` from `clawearn.xyz`. This appears to be a typo for `HEARTBEAT.md`. A malicious actor could register a domain or path matching the typo to serve malicious content, leading to supply chain compromise if the user executes the command. Additionally, the `curl` commands do not pin versions or verify content hashes, making the installation vulnerable to compromise of the `clawearn.xyz` domain itself. Correct the typo in the URL to the intended filename (e.g., `HEARTBEAT.md`). Implement content hash verification (e.g., `sha256sum`) for downloaded files to ensure integrity and prevent tampering. Pin specific versions of files if possible. | LLM | SKILL.md:30 | |
| HIGH | Private Key Export Functionality The skill provides a command `clawearn polymarket account export-key` which allows direct retrieval of a user's private key. While the skill includes a critical security warning against sharing private keys, the presence of this command creates a credible exploit path. A malicious prompt or a compromised agent could execute this command to extract the private key and then exfiltrate it, leading to complete compromise of user funds. Reconsider the necessity of an `export-key` command within an agent skill. If absolutely necessary, implement strong safeguards, such as requiring explicit user confirmation for each export, or restricting its use to specific, highly-secured environments. Ensure the agent's execution environment prevents output of such sensitive commands from being logged or transmitted. | LLM | SKILL.md:49 | |
| MEDIUM | Private Key Passed as Command-Line Argument The skill documentation provides an example command `clawearn polymarket balance check --private-key $YOUR_PRIVATE_KEY` which demonstrates passing a private key directly as a command-line argument. This practice is insecure as private keys can be exposed in shell history, process lists, or logs, making them vulnerable to compromise. While other storage methods (environment variables, config files) are mentioned, this example encourages a less secure method. Remove examples that pass private keys directly as command-line arguments. Emphasize and exclusively show the use of secure credential storage mechanisms (e.g., environment variables, secure configuration files, or dedicated credential managers) for private keys. | LLM | SKILL.md:66 |
Scan History
Embed Code
[](https://skillshield.io/report/eeb2bd4ccac611cb)
Powered by SkillShield