Skill v7.1.5

ClawScan security

Polymarket Arbitrage Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 5, 2026, 4:51 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly does what it says (on-chain trading plus calls to a billing API), but there are several inconsistencies and risky requirements (it needs an exported private key, it reads env vars the registry metadata does not declare, and it calls a third-party billing endpoint) that warrant caution before installing.
Guidance
Key points before installing:

- This tool requires your raw Polygon private key. Supplying it gives the tool full control of any funds in that wallet. Do not use your main wallet; if you must test, use a fresh wallet funded with minimal test funds only.
- The billing key (SKILLPAY_KEY) is sent to a third-party service (skillpay.me) for balance checks and charging. Confirm you trust that service, and never reuse a high-privilege key there.
- The registry metadata claims no required env vars, but the code and SKILL.md require two secrets. Ask the publisher why the metadata and the docs disagree.
- The code tries to load an optional '@polymarket/clob-client' SDK (not listed in package.json) and falls back to posting orders directly over HTTP. That fallback sends order signatures and the wallet address to Polymarket CLOB endpoints, which is expected for order placement. Review the exact network endpoints (https://gamma-api.polymarket.com, https://clob.polymarket.com, https://skillpay.me) and confirm they are legitimate.
- There are minor version mismatches across files, and the billing request looks suspicious (chargeUser posts amount: 0). This could be a bug or intentional; request clarification.

Recommended actions:

1. Audit the code yourself, or have an independent auditor do so.
2. Run it locally in an isolated environment with a throwaway wallet.
3. Prefer a signer pattern that does not expose an exported private key (hardware wallet or delegated API key) where possible.
4. Do not install or run until the registry metadata mismatch is resolved and the publisher explains the billing flow and the data sent to skillpay.me.

Review Dimensions

Purpose & Capability
Rating: note
The skill's stated purpose (Polymarket arbitrage with automatic trading) legitimately requires a Polygon private key and a billing key; both SKILL.md and the code request POLYMARKET_PRIVATE_KEY and SKILLPAY_KEY. However, the registry metadata for this skill lists 'Required env vars: none' while SKILL.md and the code require two secrets. This mismatch is an incoherence the publisher should explain.
Instruction Scope
Rating: concern
The runtime instructions and the CLI code ask you to export your raw wallet private key (used to sign on-chain orders) and the SKILLPAY_KEY; the tool then signs and submits real orders to Polymarket endpoints and calls a third-party billing API (https://skillpay.me). The instructions explicitly guide you through exporting the private key and running the CLI. Nothing else in the docs or code claims to read system files, but requesting a raw private key is high risk and should be minimized or justified (delegated or derived API keys, hardware signers, or limited-scope signing would be preferable).
Install Mechanism
Rating: ok
No external download or install script is present; the package is a Node CLI whose package.json lists node-fetch and ethers. There is no install spec that pulls arbitrary third-party archives. That said, the code attempts to require '@polymarket/clob-client' at runtime even though that dependency is not in package.json; the code handles its absence and falls back to direct API calls.
Credentials
Rating: concern
The requested env vars (POLYMARKET_PRIVATE_KEY, SKILLPAY_KEY) are relevant to the stated functionality, but they are high-privilege secrets: the private key fully controls the on-chain funds in that wallet. The registry metadata claiming no required env vars contradicts SKILL.md and the code. The SkillPay key is sent to a third-party billing endpoint (skillpay.me); that may be expected for billing, but it means a second external party receives your wallet address together with your SKILLPAY_KEY. The tool does not appear to transmit your private key to external servers; it signs messages locally and sends the resulting signatures to the CLOB API, which is normal for order submission.
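The metadata-versus-code mismatch flagged above (and under Purpose & Capability and in the Guidance) is something you can check mechanically before installing any Node skill. The script below is an added example, not code from the skill, its publisher, or ClawHub's scanner: it extracts the env vars a source file reads, the hosts it contacts, and the packages it requires, then diffs those against the registry metadata and package.json. SAMPLE_SOURCE, SAMPLE_METADATA and SAMPLE_PACKAGE are constructed stand-ins shaped like the behaviour this review describes (two secrets, three endpoints, an optional undeclared SDK, a charge with amount 0); they are not the real Polymarket Arbitrage Pro files.

```javascript
// Added example (not the skill's or ClawHub's code): a static pre-install check
// that compares the env vars a Node skill reads with the env vars its registry
// metadata declares, lists the hosts the code contacts, and reports require()d
// packages missing from package.json.
//
// SAMPLE_SOURCE, SAMPLE_METADATA and SAMPLE_PACKAGE are CONSTRUCTED stand-ins
// resembling the behaviour described in this review, not the real skill files.
const SAMPLE_SOURCE = `
const fetch = require('node-fetch');
const { Wallet } = require('ethers');
let ClobClient = null;
try { ClobClient = require('@polymarket/clob-client'); } catch (_) { /* fall back to HTTP */ }
const wallet = new Wallet(process.env.POLYMARKET_PRIVATE_KEY);
const billingKey = process.env["SKILLPAY_KEY"];
const GAMMA = 'https://gamma-api.polymarket.com';
const CLOB = 'https://clob.polymarket.com';
async function chargeUser(address) {
  return fetch('https://skillpay.me/charge', {
    method: 'POST',
    headers: { Authorization: billingKey },
    body: JSON.stringify({ address, amount: 0 }),
  });
}
`;
// Registry metadata as the review describes it: "Required env vars: none".
const SAMPLE_METADATA = { requiredEnv: [] };
// package.json as the review describes it: only node-fetch and ethers.
const SAMPLE_PACKAGE = { dependencies: { 'node-fetch': '^2.7.0', ethers: '^6.0.0' } };

// Partial list of Node built-ins so they are not reported as missing dependencies.
const NODE_BUILTINS = new Set(['fs', 'path', 'crypto', 'http', 'https', 'os', 'url',
  'util', 'child_process', 'events', 'stream']);

function unique(items) { return [...new Set(items)]; }

// Matches process.env.NAME as well as process.env['NAME'] / process.env["NAME"].
function findEnvVars(src) {
  const re = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*['"]([A-Za-z_]\w*)['"]\s*\])/g;
  return unique([...src.matchAll(re)].map(m => m[1] || m[2])).sort();
}

// Hostnames from http(s) URL literals, in order of first appearance.
function findHosts(src) {
  return unique([...src.matchAll(/https?:\/\/([A-Za-z0-9.-]+)/g)].map(m => m[1].toLowerCase()));
}

// Package name of a module specifier: '@scope/pkg/sub' -> '@scope/pkg', 'pkg/sub' -> 'pkg'.
function packageName(spec) {
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Packages pulled in via require() or import that are neither built-ins nor declared.
function findUndeclaredDeps(src, pkg) {
  const declared = new Set(Object.keys({ ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) }));
  const specs = [...src.matchAll(/require\(\s*['"]([^'"]+)['"]\s*\)/g),
                 ...src.matchAll(/\bfrom\s+['"]([^'"]+)['"]/g)]
    .map(m => m[1])
    .filter(s => !s.startsWith('.') && !s.startsWith('/'));
  return unique(specs.map(s => packageName(s).replace(/^node:/, '')))
    .filter(name => !NODE_BUILTINS.has(name) && !declared.has(name))
    .sort();
}

function auditSkill(src, metadata, pkg) {
  const readEnv = findEnvVars(src);
  const declaredEnv = new Set(metadata.requiredEnv || []);
  return {
    readEnv,
    undeclaredEnv: readEnv.filter(n => !declaredEnv.has(n)),
    unusedDeclaredEnv: [...declaredEnv].filter(n => !readEnv.includes(n)).sort(),
    hosts: findHosts(src),
    undeclaredDeps: findUndeclaredDeps(src, pkg),
  };
}

// A non-empty undeclaredEnv is exactly the metadata/code mismatch this review flags.
function formatReport(r) {
  return [
    `env vars read by code:            ${r.readEnv.join(', ') || '(none)'}`,
    `read but undeclared in registry:  ${r.undeclaredEnv.join(', ') || '(none)'}`,
    `declared but never read:          ${r.unusedDeclaredEnv.join(', ') || '(none)'}`,
    `network hosts contacted:          ${r.hosts.join(', ') || '(none)'}`,
    `required but not in package.json: ${r.undeclaredDeps.join(', ') || '(none)'}`,
  ].join('\n');
}

console.log(formatReport(auditSkill(SAMPLE_SOURCE, SAMPLE_METADATA, SAMPLE_PACKAGE)));
```

Run against the real skill by reading its entry file and package.json from disk and passing the registry's declared env vars as `requiredEnv`. The regexes only see literal strings, so a skill that builds URLs or env-var names dynamically will slip past them; treat an empty result as "nothing obvious", not as a clean bill of health, and still read the code before running it with a funded wallet.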
Persistence & Privilege
Rating: ok
The skill is not force-included (always: false) and does not request system-wide configuration changes. It is a user-invocable CLI that runs only when invoked, and it uses no special platform privileges.