Skill Trust Decision

polymarket-opportunities-scanning

Skill declares only network:READ via public API, but actual code uses shell:WRITE (execSync/osascript) and filesystem:WRITE without disclosure in documentation.

Source: Manual upload · Scanned: Apr 4, 2026
Files 4
Artifacts 3
Violations 3
Findings 4
Most direct threat evidence
High Doc Mismatch
Shell execution undeclared in SKILL.md

SKILL.md states 'No external API keys required' and implies only network:READ via public fetch. However, send-report.js uses execSync to spawn shell processes and osascript for AppleScript execution — shell:WRITE capability not disclosed.

scripts/send-report.js:47

Why this conclusion was reached

2/4 dimensions flagged

Block · Declared vs actual capability
3 undeclared or violating capabilities were inferred.

Review · Hidden execution and egress
3 lower-risk artifacts were extracted and still need context.

Block · Attack chain and severe findings
The report includes 0 attack-chain steps and 2 severe findings.

Review · Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Undeclared shell execution via execSync +20

SKILL.md claims no external dependencies and only network:READ, but send-report.js uses execSync to run node commands.

Undeclared osascript execution +15

AppleScript execution via osascript not declared — allows arbitrary macOS command execution

Undeclared filesystem:WRITE +10

Writes opportunities.json without declaration in SKILL.md

Most important evidence

High Doc Mismatch

Shell execution undeclared in SKILL.md

SKILL.md states 'No external API keys required' and implies only network:READ via public fetch. However, send-report.js uses execSync to spawn shell processes and osascript for AppleScript execution — shell:WRITE capability not disclosed.

scripts/send-report.js:47
Declare shell:WRITE in SKILL.md capabilities section if shell execution is necessary. Document what commands are executed.
High Doc Mismatch

osascript/AppleScript execution undeclared

Email delivery via osascript is not mentioned in SKILL.md. This allows arbitrary macOS command execution through AppleScript, a significant attack vector if the .env is compromised or the script is modified.

scripts/send-report.js:55
Document osascript usage or switch to a documented email library (nodemailer, sendgrid) if possible.
Medium Doc Mismatch

Filesystem write access not declared

SKILL.md does not mention that scanner.js writes opportunities.json to disk. While legitimate for the use case, this filesystem:WRITE capability should be declared.

scripts/scanner.js:217
Declare filesystem:WRITE in SKILL.md capabilities section.
Medium Doc Mismatch

.env loading not documented

send-report.js loads configuration from a .env file, but this behavior is not mentioned in the SKILL.md setup instructions (only in references/setup.md).

scripts/send-report.js:15
Document .env file usage in SKILL.md setup section.

Declared capability vs actual capability

Capability    Status   Declared   Inferred   Evidence
Network       Pass     READ       READ       scanner.js:13 fetches gamma-api.polymarket.com
Shell         Block    NONE       WRITE      send-report.js:47 execSync, send-report.js:55 osascript
Filesystem    Block    NONE       WRITE      scanner.js:217 fs.writeFileSync
Environment   Block    NONE       READ       send-report.js:15-24 .env loading

Suspicious artifacts and egress

Medium External URL
https://polymarket.com/event/...

SKILL.md:65

Medium External URL
https://gamma-api.polymarket.com

scripts/scanner.js:12

Medium External URL
https://polymarket.com/event/$

scripts/scanner.js:151

Dependencies and supply chain

There are no structured dependency warnings.

File composition

4 files · 551 lines
JavaScript 2 files · 372 lines
Markdown 2 files · 179 lines
Files of concern · 3
scripts/scanner.js JavaScript · 237 lines
Filesystem write access not declared · https://gamma-api.polymarket.com · https://polymarket.com/event/$
scripts/send-report.js JavaScript · 135 lines
Shell execution undeclared in SKILL.md · osascript/AppleScript execution undeclared · .env loading not documented
SKILL.md Markdown · 97 lines
https://polymarket.com/event/...
Other files · setup.md

Security positives

Uses native fetch API, no external dependencies with known vulnerabilities
No hardcoded credentials or API keys in source code
No base64 obfuscation or suspicious encoding patterns
Legitimate financial data analysis use case with plausible business justification
Output file (opportunities.json) is local and not exfiltrated