Back to skill
Skillv1.0.0
VirusTotal security
Polymarket Whale Copier · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:47 AM
- Hash
- 1a0ec25a5f4cd52d7584a72b79267287acd8a3f7156fa649bc78d4746340de13
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-whale-copier Version: 1.0.0 The skill bundle is classified as suspicious due to its handling of sensitive user data and a critical functional flaw. The `SKILL.md` instructs the user to provide a `POLYMARKET_KEY` (private key) as an environment variable, which is then read by `scripts/copy_trader.py`. While the script makes legitimate network calls to Polymarket APIs, it contains a severe bug in `scripts/copy_trader.py`'s `_derive_wallet` function that incorrectly derives the Ethereum wallet address, rendering it non-functional for actual trading. Crucially, `scripts/copy_trader.py` explicitly states '⚠️ Live trading not implemented - use Polymarket CLOB API', meaning it cannot execute trades even if the private key derivation were correct. This combination of requesting a private key for a non-functional trading script, coupled with the potential for future malicious implementation if the 'not implemented' flag is removed, makes it suspicious.
- External report
- View on VirusTotal