moonpay-fund-polymarket
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill downloads a shell script from a remote URL (https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh) and pipes it directly into the shell (sh) for execution. This method of installation is high-risk as it bypasses verification and executes arbitrary code with the user's privileges.
- [COMMAND_EXECUTION]: The skill modifies file permissions using chmod +x to make a downloaded binary executable. It also provides instructions for manual binary installation to local directories and executes various command-line tools for wallet setup and trading.
- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and binaries from an external GitHub repository belonging to the Polymarket organization.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata