
polygon-gamma-apis@1.5.2

TypeScript SDK for the Polymarket CLOB API.

AI Security Review

scanned 3h ago · by lpm-firewall-ai

The package exports a function that retrieves a remote payload and executes it with Node privileges. The behavior is unrelated to the advertised Polymarket SDK and enables arbitrary remote code execution when used.

Static reason
One or more suspicious static signals were detected; source fingerprint signature matched a known malicious package; routed for review.
Trigger
Runtime call to the default export getPlugin()
Impact
Remote server can run arbitrary JavaScript with require/process access in the consumer environment.
Mechanism
remote JSON field executed via Function constructor
Attack narrative
When a consumer calls the default export, index.js fetches JSON from svganchordev.net/icons/111, reads data.credits, compiles it with new Function, and executes it while passing require, process, global, Buffer, and timers. That gives the remote endpoint arbitrary Node execution in the consumer process, hidden behind misleading SDK/package text.
Rationale
Source inspection confirms a hidden remote-code loader rather than package-aligned API functionality. Although not install-time, the exported runtime behavior is concrete malicious remote code execution.
Evidence
package.json, README.md, index.js
Network endpoints (2)
svganchordev.net/icons/111, svganchordev.net/icons/

Decision evidence

public snapshot
AI called this Malicious at 98.0% confidence as Malware with low false-positive risk.
Evidence for block
  • package.json advertises a Polymarket CLOB SDK, but main is index.js with unrelated icon/plugin code.
  • index.js:106-115 builds default URL https://svganchordev.net/icons/111.
  • index.js:119-127 fetches remote JSON at runtime from that host.
  • index.js:150-156 passes data.credits into new Function and executes it.
  • index.js:130-145 gives the remote code require, process, global, Buffer, timers, and Promise.
  • README claims market/order/auth SDK features not implemented by index.js.
Evidence against
  • No package.json install/preinstall/postinstall lifecycle hook.
  • No import-time fetch; execution requires calling the default export.
  • No local file writes or persistence visible in package source.
Behavioral surface
Source
Eval, Network
Supply chain: No supply-chain packaging signals triggered.
Manifest: No manifest risk signals triggered.
scanned 1 file(s), 5.94 KB of source

Source & flagged code

2 flagged
index.js (excerpt, lines 149-151; the snippet is cut off at line 151 in the report)
149: // Note: The code uses async/await, so we need to handle that
150: const evalFn = new Function(
151:   'require', 'module', 'exports', '__dirname', '__filename', 'console', 'process', 'global', 'Buffer', 'setTimeout', 'setInterval', 'clearTimeout', 'clearInterval', 'Promise',
High · Eval

Package source references dynamic code evaluation.

index.js · L149
matchType = malicious_source_fingerprint_signature
signature = c06bd55d669269cb
signatureType = suspicious_hashes
sourceLabel = Datadog
matchedPackage = cloud-apis@1.2.3
matchedPath = index.js
matchedIdentity = npm:Y2xvdWQtYXBpcw:1.2.3
similarity = 1.000
shingleOverlap = 1
summary = Datadog malicious npm corpus sample: samples/npm/malicious_intent/cloud-apis/1.2.3/2026-02-22-cloud-apis-v1.2.3.zip
High · Known Malware Source Fingerprint Signature

Source fingerprint signature matches a known malicious package signature; route for source-aware review.

index.js

Findings

2 High · 1 Medium · 1 Low
High · Eval · index.js
High · Known Malware Source Fingerprint Signature · index.js
Medium · Network
Low · Scripts Present