Back to skill
Skillv1.0.0
VirusTotal security
Polymarket Bot Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:19 AM
- Hash
- c15293a90983a32f006a9d1f34e12375c50a22718ac7304989f76c5bb6f20ad9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-bot Version: 1.0.0 This skill is classified as suspicious due to a significant prompt injection vulnerability and its engagement in high-risk operations. The `SKILL.md` file explicitly instructs the AI agent to use prompts from `references/prompts.md` and `references/strategy_examples.md` to 'generate code for strategies'. While the current prompts in these files are not overtly malicious, this mechanism creates a direct vector for prompt injection, allowing an attacker to potentially instruct the agent to generate and execute arbitrary malicious code. Furthermore, the skill's core functionality involves handling sensitive private keys (via `scripts/auth_setup.py` and `scripts/bot_integration.py`) and performing automated cryptocurrency trades, which are inherently high-risk operations, amplifying the potential impact of a successful injection.
- External report
- View on VirusTotal