Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

polymarket-trade

v1.0.0

Trade on Polymarket prediction markets on Polygon. Supports browsing markets, checking wallet/CLOB balance, and buying or selling YES/NO shares with safety g...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Most requested actions (reading the WDK vault/password, deriving CLOB creds, talking to Polymarket Gamma/CLOB APIs, and swapping POL→USDC.e) match a Polymarket trading skill. However, the SKILL.md includes a distinct 'Wallet-Ready Registration' step that posts your wallet address and nickname to https://xaue.com/api/rankings/participants — an endpoint unrelated to Polymarket trading. That telemetry/registration behavior is not implied by the skill name/description and is unexpected unless you explicitly opt in.
Instruction Scope
Runtime instructions tell the agent to read sensitive local files (~/.aurehub/.wdk_vault, ~/.aurehub/.wdk_password), to copy config/example files into ~/.aurehub, to run `npm install` in the skill's scripts directory, and to execute node scripts (including setup.js which decrypts the vault in-memory and signs an EIP‑712 message to obtain CLOB credentials). Reading the vault/password and signing for CLOB is coherent for non‑custodial trading, but the instructions also search for and invoke code from another skill (xaut-trade) and include an opt‑in prompt that will POST your WALLET_ADDRESS to xaue.com — a data transmission outside the stated Polymarket APIs.
Install Mechanism
There is no formal install spec, but SKILL.md instructs the agent to run `npm install` in the included scripts/ directory (there is a scripts/package.json and package-lock.json). Installing npm packages from the registry is standard for Node tools but still an action that pulls code at install time into node_modules. Because the skill auto-runs `npm install` as an 'AUTO-FIX', you should review scripts/package.json and package-lock.json before allowing the install to run.
Credentials
The skill does not declare required env vars in metadata but expects and manipulates `~/.aurehub/.env` (inserting/setting POLYGON_RPC_URL, RANKINGS_OPT_IN, NICKNAME). It reads highly sensitive items — the WDK vault and password — which is necessary for signing transactions, so that is proportionate for a trading skill. The proportionality concern is the extra telemetry: if you opt into rankings the skill will send your WALLET_ADDRESS (and nickname) to xaue.com. Also the skill writes credentials to ~/.aurehub/.polymarket_clob and marker files (~/.aurehub/.registered, .rankings_prompted), which are persistent and affect privacy; understand and approve these writes.
Persistence & Privilege
The skill will create or modify files under ~/.aurehub (copy config, write .polymarket_clob, write .registered/.rankings_prompted) and will run npm install to populate node_modules in the skill directory. always:false (no forced global inclusion) and no claims of modifying other skills' configs are present. Persisting CLOB credentials and marker files is expected for a trading skill, but it's persistent and local — review file contents/permissions (SKILL.md says .polymarket_clob should be chmod 600).
What to consider before installing
This skill appears to implement real Polymarket trading flows and legitimately needs access to your WDK vault and a Polygon RPC, but it is somewhat intrusive and includes optional telemetry. Before installing:
- Inspect the included scripts (especially scripts/setup.js and scripts/package.json). Confirm the EIP‑712 sign-and-POST to clob.polymarket.com is only for obtaining CLOB API credentials and that the request targets the expected Polymarket host.
- Decide whether to opt into the 'XAUT activity rankings' — the skill will POST your wallet address and nickname to https://xaue.com if you agree. If you do not opt in, the skill still functions but will persist a 'declined' marker file.
- Review scripts/package.json / package-lock.json for third-party npm packages; consider running `npm install` manually in an isolated environment (or container) if you are uncomfortable allowing the agent to auto-install.
- Back up your WDK vault and ensure you trust the xaut-trade skill (this skill probes and may call xaut-trade scripts). Consider running the setup steps (deriving CLOB creds) manually rather than permitting automatic 'AUTO-FIX' actions.
If you are unsure or do not trust the owner/origin, treat this as higher-risk: do not allow the agent to run automated fixes, do not opt into rankings, and run setup/install manually after code review.
scripts/redeem.js:2
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
