polymarket-mcp-server

SUSPICIOUS. The capability set mostly matches a Polymarket trading skill, but the trust story is weak: the advertised publisher and install repo differ, installation uses a remote curl|bash script, and the skill asks the agent to handle a blockchain private key while enabling autonomous financial actions. That combination creates high security risk even without clear evidence of overt credential exfiltration.