Skill Trust Decision

polymarket-pro

Documentation-only Skill. It installs the official CLI through a curl|sh remote-script execution pattern, so there is no code to review and a remote code execution risk exists, although the official source offers a reasonable explanation.

Install decision first
Source: ClawHub · Scanned: Apr 23, 2026
Files 1
Artifacts 1
Violations 1
Findings 3
Most direct threat evidence
High RCE
curl|sh remote-script execution pattern

Line 35 of SKILL.md installs the CLI with curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh. This is a high-risk pattern (common in supply-chain attacks): the script contents cannot be verified before execution.

SKILL.md:35

Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

1 undeclared or violating capability was inferred.

Block
Hidden execution and egress

1 high-risk artifact or egress signal was extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

curl|sh remote-script execution +20

SKILL.md:35 uses the curl -sSL URL | sh pattern; an RCE risk exists, but the official source offers a reasonable explanation

No script code available for review +15

Documentation-only package with no scripts/ directory; actual post-install behaviour cannot be verified

Credential path declared +5

The documentation mentions private-key and environment-variable handling; a credential-access scenario exists, but it is declared

Most important evidence

High RCE

curl|sh remote-script execution pattern

Line 35 of SKILL.md installs the CLI with curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh. This is a high-risk pattern (common in supply-chain attacks): the script contents cannot be verified before execution.

SKILL.md:35
Prefer the Homebrew installation method (already declared at SKILL.md:29-32), or require the install script source to be provided for review
Medium Supply Chain

Installation source cannot be verified

The contents of a raw GitHub script can change at any time, so supply-chain integrity cannot be guaranteed. Recommend pinning the installed version or providing a source package

SKILL.md:35
Use a version-pinned install package or Homebrew to ensure reproducibility and allow security review
Low Sensitive Access

Credential path access declared

The documentation declares access to ~/.config/polymarket/config.json and the POLYMARKET_PRIVATE_KEY environment variable, which is normal functionality for a trading tool

SKILL.md:42
Declared; matches the expected usage scenario

Declared capability vs actual capability

Shell · Block · Declared READ · Inferred WRITE · SKILL.md:35 — curl|sh executes an external script
Environment · Pass · Declared READ · Inferred READ · SKILL.md:42 — POLYMARKET_PRIVATE_KEY environment variable
Filesystem · Pass · Declared READ · Inferred READ · SKILL.md:44 — ~/.config/polymarket/config.json

Suspicious artifacts and egress

Critical Dangerous Command
curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh

SKILL.md:35

Dependencies and supply chain

There are no structured dependency warnings.

File composition

1 file · 494 lines
Markdown: 1 file · 494 lines
Files of concern · 1
SKILL.md Markdown · 494 lines
curl|sh remote-script execution pattern · installation source cannot be verified · credential path access declared · curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh

Security positives

Documentation-only Skill with no executable code, so the attack surface is limited
Clear document structure; the described functionality matches the risk profile (a trading CLI genuinely needs private-key and wallet operations)
Provides a Homebrew installation method as an alternative
Notes the differences from Polyclaw, so users can choose the safer option