Manifold Markets
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: manifold
Version: 1.0.0
The skill is benign. It clearly states its purpose: interacting with Manifold Markets via their official API. It explicitly instructs the AI agent to obtain user confirmation for all write actions (placing bets, selling shares, posting comments), which is a strong safeguard against prompt injection. The `MANIFOLD_API_KEY` is used solely for authentication with the legitimate `api.manifold.markets` endpoint, and there is no evidence of data exfiltration, malicious execution (e.g., `curl|bash`), persistence mechanisms, or obfuscation techniques. All commands are standard `curl` requests or `jq` for local JSON parsing.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could change your Manifold positions or post comments, but the documented workflow requires confirmation first.
The skill can perform mutating Manifold actions, but the artifact explicitly requires user confirmation before those actions.
Never place a bet, sell shares, or post a comment unless the user explicitly confirms
Only confirm bets, sells, or comments after checking the market, side, amount or shares, and exact comment text.
Anyone using this skill with your API key can act on your Manifold account within the API key’s permissions.
The Manifold API key delegates account authority to the agent for authenticated actions such as placing bets, selling shares, and commenting.
Uses `MANIFOLD_API_KEY` in header: `Authorization: Key $MANIFOLD_API_KEY`
Use a dedicated or revocable Manifold API key if possible, keep it out of shared logs, and revoke it if you no longer use the skill.
