polymarket-mcp-server
Fail
Audited by Snyk on May 18, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.75). Although several links are benign documentation and localhost references, the presence of a direct raw.githubusercontent.com quickstart.sh and a GitHub repo from an individual/unknown account with explicit curl | bash instructions makes this a suspicious download source because piping an unreviewed shell script from an untrusted/low-reputation repo is a common malware delivery vector.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and subscribes to live, user-generated Polymarket content (e.g., search_markets, get_trending_markets, get_market_details, and WebSocket subscribe_to_market) and then runs AI-powered analyze_market_opportunity / smart_trade flows that can drive trading actions, so untrusted third-party market content can materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs users to run an automated one-liner that fetches and executes remote code at runtime (curl -sSL https://raw.githubusercontent.com/caiovicentino/polymarket-mcp-server/main/quickstart.sh | bash and/or git clone https://github.com/caiovicentino/polymarket-mcp-server.git followed by ./quickstart.sh), so external content is fetched and executed to start the server.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a trading client for Polymarket with built-in order execution and wallet integration. It requires POLYGON_PRIVATE_KEY/POLYGON_ADDRESS, supports Place Limit Order and Place Market Order, Smart Trade (automatically parses instructions and executes trades), cancel_order, and portfolio-rebalancing that executes market orders. It therefore provides direct crypto/brokerage execution capabilities (signing transactions and sending orders on Polygon/Polymarket), not just generic APIs or browsing.
Issues (4)
E005
CRITICAL Suspicious download URL detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata