Prediction Market Sentinel
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may think they are monitoring a chosen wallet, but the script will monitor the fixed wallet instead, potentially causing missed alerts or incorrect conclusions.
The script hard-codes a specific wallet address, while SKILL.md tells users to run `bash scripts/monitor.sh <wallet_address>` and says it can track any wallet. This mismatch could cause users to rely on monitoring that is not actually tracking their requested wallet.
WALLET_ADDRESS="0x17db3fcd93ba12d38382a0cade24b200185c5f6d"
Use only after modifying the script to read the supplied wallet argument and clearly document any fixed default wallet.
The script may fail or behave unexpectedly on systems without those tools installed.
The script depends on `curl` and `jq`, but the registry requirements list no required binaries. This is an under-declared runtime dependency rather than evidence of malicious behavior.
LATEST_ORDER=$(curl -s "https://clob.polymarket.com/orders?maker=$WALLET_ADDRESS&limit=1" | jq -r '.[0].id // "NONE"')
Declare `curl` and `jq` as required binaries or document installation prerequisites clearly.
Local files will retain monitored wallet activity and could affect future alert comparisons if edited or stale.
The monitor persists logs and last-seen order state in the user's OpenClaw workspace. This is purpose-aligned for monitoring, but users should know state is retained locally.
LOG_FILE="$HOME/.openclaw/workspace/polymarket_wallet_monitor.log" LAST_TX_FILE="$HOME/.openclaw/workspace/.last_polymarket_tx"
Document the log and state file locations and provide a clear cleanup/reset instruction.