polymarket-arbitrage-trading-bot
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation instructions direct the user to clone a project from an unverified third-party GitHub account: https://github.com/apechurch/polymarket-arbitrage-trading-bot.git.
- [REMOTE_CODE_EXECUTION]: The skill prompts the user to execute the downloaded code using commands like npm run prod. Executing code from an unverified external source is a high-risk activity that can lead to total system compromise or financial theft.
- [COMMAND_EXECUTION]: The bot's operational workflow relies on several shell commands (git clone, npm install, npm run build, npm run prod) to initialize and execute logic provided by the external repository.
- [DATA_EXFILTRATION]: The skill instructs users to configure highly sensitive credentials, specifically a wallet PRIVATE_KEY, in a .env file for use with the downloaded code. This creates a critical risk vector where the unverified code could exfiltrate the private key to a remote server controlled by the third-party author.
Recommendations
- AI detected serious security threats
Audit Metadata