Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polymarket BTC Trader
v1.0.0 · Polymarket BTC 5-minute Up/Down fully automated trading bot. Driven by MiniMax AI, with dual-signal decision making, automatic take-profit/stop-loss, real on-chain trading, and a web control panel.
⭐ 0 · 71 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The name/description (Polymarket BTC trading bot) matches the code and README (bot.py, status_server.py, web panel). However, the registry metadata lists no required environment variables or credentials, while the code and README clearly expect many sensitive env vars (POLYMARKET_API_KEY, POLYMARKET_API_SECRET, POLYMARKET_PRIVATE_KEY, RELAYER_API_KEY, AI API keys, wallet address, etc.). This mismatch is an incoherence: a trading bot legitimately needs these secrets, but the package metadata failing to declare them is unexpected and misleading.
Instruction Scope
SKILL.md gives concrete run steps (install.sh, copy .env from references, start scripts). The runtime instructions and code operate on local files (bot_status.json, decision_signal.json, trading_control.json) and read .env for credentials. They refer to the OpenClaw-provided decision_signal.json (expected). No instructions request unrelated system files, but the skill will read and use highly sensitive keys from .env (private keys, API secrets). There are also small inconsistencies between the instructions and the code (panel port and skill paths; see guidance below).
Install Mechanism
No external binary downloads or remote installers; install.sh creates a Python venv and pip-installs aiohttp, requests, python-dotenv, and uvicorn, which is reasonable and proportionate for a Python web/bot project. The skill uses local scripts to copy files into $HOME/.openclaw/workspace, which writes to disk but is expected for an install-as-skill flow.
Credentials
The code expects multiple sensitive environment variables (Polymarket API key/secret/passphrase, relayer key, private wallet key/address, AI provider API keys). Those are proportionate to on-chain trading functionality, but the skill registry metadata declares none, which is an important omission. Users must be aware they will need to provide private keys and API secrets; those grant the ability to sign and submit real trades on-chain and to authenticate to Polymarket.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It copies its files into a workspace and runs as separate processes (nohup + python), creating runtime files under the workspace. It does not appear to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (normal).
What to consider before installing
Do not supply real Polymarket/private-key credentials until you verify the source and intended behavior. Specific items to check before installing or running:
1) The registry metadata claims no required env vars, but bot.py and status_server.py expect many secrets (POLYMARKET_API_KEY, POLYMARKET_API_SECRET, POLYMARKET_PRIVATE_KEY, RELAYER_API_KEY, AI API keys). That mismatch is suspicious; ask the publisher why the metadata omitted them.
2) Inspect references/.env.example to see exactly which placeholders will be written to $WORK_DIR/.env by the startup scripts.
3) Run first in an isolated environment (VM or disposable container) and use paper/simulated mode only (do not enable real account mode or provide a private key).
4) Audit how the web panel/status server handles .env and status files: ensure it does not expose raw secrets via HTTP endpoints. Note that the code builds HMAC headers using POLYMARKET_API_SECRET and will sign requests if it is provided.
5) There are small deployment inconsistencies: SKILL.md / README reference panel port 18095 but status_server.py uses PORT = 18795, and panel_start.sh references a slightly different SKILL_DIR; verify and correct paths before deployment.
6) Prefer to keep only minimal credentials in the bot's .env (paper-mode API credentials or read-only keys where possible) and never put long-term private keys into unknown third-party code.
7) If you need higher confidence, request the maintainer identity or a signed release, or run a line-by-line audit (focus on bot.py and status_server.py) and ensure you understand where and when signing/transactions occur. If you cannot verify provenance, treat the skill as untrusted and run it only with simulated data.
Like a lobster shell, security has layers: review code before you run it.
latest: vk97372pxwht6pvdqkw66md2gqn84an6m