Polymarket API
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: polymarket-api Version: 1.0.0 The skill bundle is benign. The `SKILL.md` provides clear instructions for using the Polymarket API and does not contain any prompt injection attempts. The `polymarket.py` script uses standard Python libraries (`urllib.request`, `json`) to fetch data from the legitimate `gamma-api.polymarket.com` endpoint. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The script's behavior is entirely consistent with its stated purpose of querying public prediction market data.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill will contact Polymarket's API and return public market data; it does not require login or change any account data.
The script makes fixed outbound requests to Polymarket's public API to retrieve market and event data, which matches the stated purpose but is still external network use users should notice.
BASE_URL = "https://gamma-api.polymarket.com" ... urllib.request.urlopen(req, timeout=15)
Use it for public market lookups and avoid putting private or sensitive information into lookup terms.
Users cannot independently verify the upstream project identity from the metadata alone.
The registry metadata does not provide an upstream source or homepage, so provenance is limited even though the included code is small, visible, and has no remote install step.
Source: unknown; Homepage: none
Review the included script before use, and prefer skills with clear source or homepage metadata when provenance is important.