Polymarket-AutoTrade

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Polymarket trading skill, but it can place real-money trades and persist wallet-related credentials without a built-in confirmation or strong storage controls.

Treat this as a live trading integration, not a read-only market browser. Install only if you intend to let the agent trade, use a dedicated wallet with limited funds, verify credential-file permissions after setup, and require your own explicit manual approval before any buy or sell command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
Findings (9)

Tainted flow: 'API_CREDS_FILE' from os.environ.get (line 23, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
}
    
    os.makedirs(os.path.dirname(API_CREDS_FILE), exist_ok=True)
    with open(API_CREDS_FILE, 'w') as f:
        json.dump(creds_dict, f, indent=2)

def get_default_wallet():
Confidence
93% confidence
Finding
with open(API_CREDS_FILE, 'w') as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill clearly requires access to environment variables, writes credential files under ~/.openclaw/credentials, and communicates with external Polymarket APIs, yet no explicit permissions model is declared. This creates a transparency and consent gap: a user may invoke a trading skill without clear platform-level disclosure that it can access secrets, persist credentials, and perform networked financial actions.

Vague Triggers

High
Confidence
95% confidence
Finding
The trading triggers include broad phrases like '下注 5 美元', 'Buy [token/outcome]', and 'Long [market]' that can appear in ordinary conversation and may be matched without enough transactional specificity. In a financial trading skill, ambiguous activation is dangerous because misinterpretation can lead directly to unintended real-money orders.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill advertises real buy/sell commands using a live wallet but does not specify any confirmation gate, preview, or warning about irreversible financial consequences immediately around trade execution. In a real-money trading context, omitting an explicit confirmation step materially increases the risk of accidental loss from misheard, misrouted, or malformed requests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill generates and stores API credentials on disk automatically with no explicit user notice, consent, or visible discussion of retention. Persisting exchange-related secrets silently increases the blast radius of host compromise, backups, shared accounts, and accidental disclosure.

Session Persistence

Medium
Category
Rogue Agent
Content
**Method 2: Via config file (Legacy)**

Create `~/.openclaw/credentials/polymarket.json`:

```json
{
Confidence
90% confidence
Finding
Create `~/.openclaw/credentials/polymarket.json`: ```json { "private_key": "your_wallet_private_key", "proxy_address": "0x_your_proxy_wallet_address" } ``` > The skill checks env vars first, the

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Polymarket Skill Dependencies
requests>=2.31.0
py-clob-client>=1.5.0
Confidence
98% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Polymarket Skill Dependencies
requests>=2.31.0
py-clob-client>=1.5.0
Confidence
97% confidence
Finding
py-clob-client>=1.5.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
requests

VirusTotal

65/65 vendors flagged this skill as clean.
