v1.0.2

Polymarket Agent

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:55 AM.

Analysis

The skill is coherent with its Polymarket trading purpose, but it requests a wallet private key and supports autonomous financial trades, so it needs careful review before use.

Guidance: Only install this if you are comfortable giving a trading assistant access to a dedicated Polymarket wallet. Use a separate wallet with limited funds, keep autonomous trading off by default, approve each trade manually, and review or clear any saved trading memory.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
Execute trades when the user approves (or autonomously if configured)

The skill explicitly allows financial trades to be executed without per-trade approval when autonomous mode is configured, but the artifacts do not define spending limits, allowed markets, stop conditions, or reversibility.

User impact: If autonomous mode is enabled or a trade is run with insufficient review, the agent could place real Polymarket orders using the user's funds.
Recommendation: Keep autonomous trading disabled unless strict budget, market, and confirmation rules are added; use per-trade approval for all orders.

Rogue Agents
Severity: Low; Confidence: High; Status: Note
SKILL.md
clawdbot cron --name "Check BTC market" ... --system-event "Check Bitcoin $150k market status and report" --wake now

The skill documents scheduled market-monitoring jobs, which are purpose-aligned but can continue operating after the initial conversation.

User impact: Scheduled monitoring could keep producing agent activity or alerts until cancelled.
Recommendation: Create scheduled jobs only for specific user-approved monitoring tasks and track how to list and remove them.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
requirements.txt
py-clob-client
requests
rich
questionary
web3
typer[all]

The Python dependencies are not version-pinned, so installation may pull future package versions that were not represented in the reviewed artifacts.

User impact: Dependency changes could alter behavior or introduce vulnerabilities later.
Recommendation: Pin dependency versions and use a dedicated virtual environment before installing.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
configure.py
private_key = questionary.password("Enter your Private Key (starts with 0x...):").ask() ... configure_clawdbot("POLYMARKET_KEY", private_key)

The setup flow asks for a Polygon wallet private key and stores it in Clawdbot configuration, giving the skill high-privilege trading authority.

User impact: A wallet private key can authorize financial actions; misuse or exposure of the stored key could put wallet funds at risk.
Recommendation: Use a dedicated low-balance wallet for this skill, avoid reusing a main wallet key, and verify how Clawdbot protects stored configuration secrets.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
Use Clawdbot's memory to: Remember user's past trades and outcomes ... Remember user's risk profile and preferences

The skill instructs persistent storage of sensitive financial behavior and risk preferences, but does not define retention, deletion, or when this memory should be reused.

User impact: Trading history and risk profile data may persist and influence future recommendations or actions beyond the immediate task.
Recommendation: Store only minimal trading preferences, avoid saving sensitive financial details, and periodically review or clear related memory.