polymarket-predictradar-daily-anomalies-skills
PassAudited by ClawScan on May 10, 2026.
Overview
The skill’s behavior matches its stated Polymarket anomaly-reporting purpose, but users should verify the external data-layer dependency and treat wallet/trading labels as heuristic analysis.
Before installing, verify the external polymarket-data-layer and MCP endpoint, keep any SQL access read-only, and treat the generated anomaly and wallet reports as leads for further research rather than trading advice or proof of misconduct.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not run, or may run unreviewed helper code, unless the user already has and trusts the shared Polymarket data layer.
The runnable script depends on sibling shared data-layer modules that are not included in the supplied file manifest. This is disclosed and purpose-aligned, but the dependency’s behavior is outside the reviewed artifacts.
const mcp = require('../../polymarket-data-layer/scripts/mcp-client'); const gamma = require('../../polymarket-data-layer/scripts/gamma-client');Review and pin the polymarket-data-layer dependency and MCP/Gamma clients before running the script.
If the MCP layer is not actually limited to safe read-only queries, the agent could access more market data than intended.
The skill exposes a raw SQL-style data query workflow over market/trade data. It is described as SELECT-only and is central to the anomaly report, but raw query access should remain constrained.
`mcp.query(sql)` — Execute SQL query (SELECT only), returns row array; Key Tables: `trades` (recent 2-7 day data), `positions`
Keep SELECT-only enforcement in the MCP service, validate identifiers, use parameterized queries where possible, and avoid broad exploratory queries unrelated to the report.
Users could over-trust anomaly labels such as Insider Watch or use wallet addresses for copy-trading without independent verification.
The report intentionally surfaces wallet identifiers and frames them for possible trading decisions. This is disclosed and aligned with the skill’s market-analysis purpose, but it can influence user trust and financial behavior.
All wallet addresses must be displayed in full 42-character format (0x + 40 hex chars) for user verification and copy-trading.
Present findings as heuristics, include uncertainty, and avoid treating wallet activity as proof of insider behavior or as trading advice.