Back to skill
Skillv1.5.0
VirusTotal security
PolyClawster · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:12 AM
- Hash
- 734c07a1ba98c86b4f03d6a585f94a1db029e50aeaae6a5d355254152e5baeec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polyclawster Version: 1.5.0 The bundle implements a non-custodial Polymarket trading agent that generates and stores a Polygon private key locally in `~/.polyclawster/config.json`. While the scripts (`setup.js`, `trade.js`, `sell.js`) use local EIP-712 signing to ensure the private key is never transmitted, the architecture relies heavily on a third-party relay (`polyclawster.com`) for geo-bypass and trading signals (`auto.js`). Although the behavior is clearly aligned with the stated purpose and includes security best practices like `chmod 600` for the config file, the inherent risks of local plaintext key management and the dependency on an external relay for transaction execution qualify it as suspicious under the provided criteria.
- External report
- View on VirusTotal