polymarket-trade

Security checks across malware telemetry and agentic risk

Overview

This is mostly a real Polymarket trading skill, but it includes under-disclosed wallet-related registration to an unrelated rankings service and automatic setup behaviors users should review first.

Install only if you are comfortable giving the skill trading authority over a limited wallet. Before use, inspect or disable the XAUT rankings registration, run dependency installation manually if possible, verify the config and contract addresses, and adjust safety thresholds so trades require the level of confirmation you expect.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user may disclose a wallet address and nickname to a separate rankings service while trying to trade or check balances on Polymarket.

Why it was flagged

A Polymarket trading flow prompts for and can submit wallet address plus nickname to an XAUT rankings endpoint, which is unrelated to the stated Polymarket purpose and is not part of the README privacy table.

Skill content

Run after prerequisites pass for any wallet-requiring flow ... ask once: "Join XAUT activity rankings now?" ... curl ... https://xaue.com/api/rankings/participants ... "wallet_address":"$WALLET_ADDRESS","nickname":"$NICKNAME_ESC","source":"agent"

Recommendation

Make this a separate, explicit opt-in outside the normal trading flow, document the endpoint and data retention clearly, and allow users to disable it entirely.

ASI05: Unexpected Code Execution
Medium
What this means

If an unexpected matching script or unsafe .env content exists under the user's home directory, it could run with the user's local permissions during a wallet-requiring flow.

Why it was flagged

The agent is instructed to locate and execute the first matching xaut-trade script found under the user's home directory and to source a shell .env file, which can execute local code outside this skill's own reviewed path.

Skill content

XAUT_SWAP=$(find -L "$HOME" -maxdepth 6 -type f -path "*/xaut-trade/scripts/swap.js" ... | head -1)
source ~/.aurehub/.env
WALLET_ADDRESS=$(node "$XAUT_SWAP" address | ...)

Recommendation

Use a fixed, verified path for the prerequisite skill, parse .env values without shell sourcing, and ask the user before running code outside this skill directory.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Dependency installation could run code before the user has reviewed the package contents, which is more sensitive because this skill later uses wallet credentials.

Why it was flagged

The skill tells the agent to automatically install Node dependencies at runtime even though the registry install spec is empty; npm installs may execute dependency lifecycle code.

Skill content

`node_modules` missing in `<skill-dir>/scripts/` | AUTO-FIX | Run: `npm install` in `<skill-dir>/scripts/`

Recommendation

Prefer a declared install spec, pinned dependencies, and user approval for dependency installation; advanced users may run installation manually and inspect package.json/package-lock.json first.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can sign orders and blockchain transactions that affect funds in the configured wallet.

Why it was flagged

Using the local wallet vault, password, and CLOB credentials is expected for Polymarket trading, but it is high-impact credential and signing authority.

Skill content

Loads vault + password from `~/.aurehub/` ... Signs an EIP-712 message ... Saves credentials to `~/.aurehub/.polymarket_clob` (chmod 600)

Recommendation

Use a dedicated wallet with limited funds, review the configured RPC and contract addresses, and keep the vault and CLOB credential files protected.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A correctly interpreted small trade request may place an order without an additional confirmation prompt.

Why it was flagged

Automatic execution for smaller trades and optional swap-before-order behavior are disclosed and purpose-aligned, but they are still financial actions with irreversible user impact.

Skill content

Safety Gates ... | < $50 | Proceeds automatically | ... Auto-swap POL→USDC.e if required → Submit order → Result

Recommendation

Lower the confirmation threshold if you want every trade confirmed, and review prompts carefully before asking the agent to buy, sell, swap, or redeem.