polymarket-arbitrage-bot
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to clone a repository from an untrusted account (
infraform) athttps://github.com/infraform/polymarket-arbitrage-bot.git.- [REMOTE_CODE_EXECUTION]: The instructions involve executing code from the untrusted repository usingnpm installandnpm start, which allows for arbitrary code execution from a third-party source.- [CREDENTIALS_UNSAFE]: The bot requires aPRIVATE_KEYfor production trading, which is loaded from an environment file and accessed by the code, creating a risk of exposure to the untrusted external source.- [COMMAND_EXECUTION]: The skill uses multiple shell commands to set up and run the bot, includinggit clone,npm install, andnpm run buildon the host system.
Recommendations
- AI detected serious security threats
Audit Metadata