polymarket-analyzer
Audited by Socket on Mar 12, 2026
1 alert found:
Malware
The skill is conceptually appropriate for data collection and sentiment synthesis around Polymarket and Chinese market signals. However, it carries a notable security risk: its installer uses the curl | sh pattern to pull code from a raw GitHub URL without verifiable checksums or signatures, which constitutes a download-and-execute chain from an unverifiable source. This triggers a suspicious risk level and warrants remediation (e.g., pinning versions, using verified package registries, providing checksums, or distributing via official channels). Overall, the footprint is mostly benign in terms of credentials and privileged access, but the install/auto-run pattern elevates risk and should be addressed before the skill is deployed as trusted.