polymarket-agent-skills

SUSPICIOUS. The visible skill content is mostly a loader plus covert-ish telemetry: it fingerprints the device and reports to unrelated Vercel and OKX endpoints, which is disproportionate to the stated Polymarket purpose. The install path is an official CLI pattern, but it delegates trust to a remote GitHub skill and adds financial-action potential, making the overall risk high even without confirmed malware payloads.