Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
polymarket-predictradar-data-layer-skills
v1.0.0
Shared Polymarket and prediction-market data access layer. Use this skill whenever another skill or task needs trader positions, trade history, market metada...
by Yeri @cnica
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The package implements a prediction-market data layer (mcp-client, queries, gamma-client, smartmoney) which matches the declared purpose. However the manifest declared 'required env vars: none' while the code reads MCP_URL and MCP_API_KEY (mcp-client.js) and also inspects HTTPS_PROXY/HTTP_PROXY (proxy-config.js). It executes platform tools (scutil, python3) to detect proxies even though no binaries were declared as required. These undeclared runtime dependencies and env var hooks are inconsistent with the skill metadata.
Instruction Scope
SKILL.md instructs usage of the MCP wrapper, which is consistent. But the included scripts do extra things beyond simple read-only requests: they create and manage local cache files under scripts/cache (cache.js), run a cache warm-up sequence that will perform many queries (init.js, daily-report.js), and detect system proxy settings by executing scutil and python3 (proxy-config.js). Those operations read/write local filesystem state and run local commands rather than only performing remote read-only API calls; the runtime instructions do not fully call these out.
Install Mechanism
There is no install spec (instruction-only), which reduces supply-chain risk. But the skill includes many code files that will run inside the agent environment; no build/install step is required and files will execute at runtime. That is coherent but means the skill will run Node code in the agent runtime with filesystem and network access.
Credentials
Code reads/uses environment variables not declared in the skill metadata: MCP_URL and MCP_API_KEY (mcp-client.js) and standard proxy env vars (HTTPS_PROXY/HTTP_PROXY) plus system proxy detection. MCP_API_KEY is a sensitive credential; the skill does not declare it as required or primary. The default MCP_API_KEY falls back to a public key string, but the ability to override via env means sensitive secrets could be provided — the skill does not document or request them explicitly in metadata.
Persistence & Privilege
The skill does not request always:true and does not alter other skills' configs. It writes cache files under scripts/cache and includes a warm-up script (init.js) that can create persistent cache artifacts and perform heavy querying. Writing cache to disk is expected for a data-layer but is persistent and can grow; this is legitimate but worth noting.
What to consider before installing
This skill appears to implement the claimed Polymarket/PredicTradar data layer, but several implementation details are inconsistent with the declared metadata and introduce risk:
- The code expects/reads environment variables (MCP_URL, MCP_API_KEY) and proxy env vars even though the registry metadata lists no required env. If you set MCP_API_KEY, treat it as a secret and only provide it in a controlled environment.
- The skill runs local commands to detect proxies (scutil, python3 via execFileSync). If you run this on a machine where those binaries exist, they will be executed. Consider running in an isolated container if you are concerned.
- The gamma-client disables TLS certificate verification (rejectUnauthorized: false) when establishing TLS connections; this weakens transport security and can expose you to man-in-the-middle tampering of gamma-api.polymarket.com interactions.
- The skill writes cache files under scripts/cache and includes a warm-up script that performs many queries; expect disk usage and potentially heavy network/API usage. Review and control when/if init.js is run.
- The absence of declared env requirements is an inconsistency — ask the publisher (or inspect code) before supplying any credentials or exposing sensitive networks. If you decide to install, run it in a sandboxed environment, avoid supplying sensitive credentials unless necessary, and consider patching the TLS setting (enable certificate verification) and removing or restricting local exec calls if you cannot trust the runtime.
scripts/proxy-config.js:14
Shell command execution detected (child_process).
scripts/mcp-client.js:29
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
