ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket Bot Skill

v1.0.0

Automate Polymarket bot operations including fetching market data, placing trades, and implementing strategies like arbitrage. Use when users need to build o...

2· 660·2 current·2 all-time
by@deliverydriver
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description align with the included scripts (market fetch, auth, strategy, integration, copy-trading). Functionality requested (fetch markets, place trades, arbitrage, copy trading) is coherent with the code — however the registry metadata claims no required env vars/credentials while the code clearly requires a private key and produces API credentials, which is an important inconsistency.
!
Instruction Scope
SKILL.md and references instruct running scripts that handle private keys, derive API keys, and post signed messages to remote endpoints. The instructions implicitly permit long-running, autonomous trading (infinite loops, copying trades). The skill's runtime instructions and included code direct reading of environment variables (POLY_PRIVATE_KEY) and sending signatures/requests to external Polymarket endpoints — behaviors within the domain but sensitive and not declared in metadata.
Install Mechanism
There is no install spec (instruction-only install), which reduces installation risk. However, the code depends on third-party Python packages (web3, requests, dotenv, asyncio, possibly pandas) that are not declared; installing/running them will be required by the user and could pull external packages.
!
Credentials
The skill metadata lists no required env vars, yet scripts expect a POLY_PRIVATE_KEY and produce/handle API keys/secrets. Requesting a raw private key (and deriving/POSTing signatures) is high sensitivity — the skill should clearly declare this as a required credential and explain secure handling. The number and sensitivity of credentials used (private key → API creds) is proportionate to trading functionality but is not reflected in the registry metadata.
Persistence & Privilege
The skill is not marked always:true, does not request system-wide config changes, and does not attempt to modify other skills or agent config. It runs as scripts and will only persist data if the user runs them locally — no elevated platform privilege is requested.
What to consider before installing
Key points before installing or running this skill: - Metadata mismatch: The registry metadata claims no required environment variables, but the code expects a POLY_PRIVATE_KEY and derives API credentials. Treat that as a red flag: ask the publisher to update the metadata to list required secrets. - Sensitive operations: The code will sign messages with your private key and POST them to Polymarket endpoints to derive API credentials. Only provide private keys if you fully trust the code and publisher — prefer hardware wallets, ephemeral keys, or limited-scope keys where possible. - Test mode first: Run with dry_run=True and on a testnet or with a throwaway account to validate behavior. Do not run with dry_run=False on a funded account until you fully audit the code. - Audit network behavior: The scripts make HTTP requests to polymarket domains (gamma-api.polymarket.com, clob.polymarket.com, data-api.polymarket.com) — verify those endpoints and ensure TLS is used. Inspect any unexpected outbound hosts before using. - Code quality issues to fix before trusting: auth uses signTypedData (ensure correct EIP-712 usage), authenticate_with_clob posts a signed_message (review what is sent), and some code passes api_creds into requests.get via auth=self.api_creds (this may not be correct and could leak data). Have a developer review these details. - Dependency management: The skill relies on web3.py, requests, dotenv, asyncio, etc. Install these from official sources and run in an isolated virtual environment or container. - Operational risk: The bot can automatically place trades (including copy-trading). This exposes you to financial loss, MEV, front-running, slippage, and rate-limit issues. Use rate limiting, position limits, and monitoring as suggested in references. - If you cannot audit the code, avoid providing real private keys. Ask the publisher for clearer metadata, dependency lists, and a security/privacy statement. Consider running the skill in a sandbox or with a read-only API credential (if available).

Like a lobster shell, security has layers — review code before you run it.

latestvk976w2vpk5a1cjhkpfe0qa5y6d81kwy1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments