Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polymarket Brain
v1.0.0

Automates geopolitical and macroeconomic news analysis, matches expert insights to Polymarket odds, and posts actionable trade recommendations to Discord.
⭐ 0 · 97 · 0 current · 0 all-time
by Dimas Chandra (@dimaschand29)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
High-level purpose (news → expert analysis → Polymarket match → Discord) matches the code and artifacts: news fetch, analyzer, market mapping, Discord payloads. However the SKILL.md and other docs instruct copying the entire ~/.browseros/skills tree and editing orchestrator files; the skill also claims to write into BrowserOS core memory and various user-profile paths. Copying or modifying other skills' directories and core memory is not necessary for a simple market-analysis pipeline and is disproportionate to the stated purpose.
Instruction Scope
Runtime instructions include editing files and hardcoded webhook URLs, running scripts that assume other components (cnbc-geopolitics-fetcher) exist, and explicit copy commands for the user's whole skills directory. The skill also documents persistence and commands (VERIFY_INSTALLATION.bat, AFTER_RESTART_CHECK.bat, RUN_ORCHESTRATOR.bat) and claims to update BrowserOS 'core memory' — these are scope expansions beyond analysing and posting market recommendations. Hardcoded webhooks (full tokens visible in several files) mean the skill will (or can) post to external Discord channels without additional credentials.
Install Mechanism
No formal install spec is declared (instruction-only), which is lower risk for automatic installs but surprising given there are many code files bundled. There is no remote download/execute step in the manifest, but the presence of many executable scripts and .bat files (and claims they persist across restarts) means manual execution will write to disk and potentially modify environment. The absence of an install step combined with many included files is an inconsistency worth attention.
Credentials
The skill requires no declared env vars or credentials, but multiple files embed full Discord webhook URLs (sensitive tokens). The SKILL.md instructs editing orchestrator files to set webhooks (or uses the ones already present). It also references other skills' history files and suggests copying the entire skills folder—this gives access to other skills' files and could expose unrelated secrets. No Polymarket API credentials are requested or documented despite matching to markets; the skill appears to rely on hardcoded market URLs/odds rather than authenticated API access.
Persistence & Privilege
The documentation repeatedly promises multi-layer persistence (local files, BrowserOS core memory, session backups) and includes scripts to verify persistence after restart. It also recommends copying the entire skills directory and writing verification/launcher .bat files into user paths. While persisting its own files is reasonable, the explicit instructions to copy or modify the user's skills directory and core memory are elevated privileges relative to a news-analysis skill and could overwrite or read other skills' config/memory.
What to consider before installing or running this skill:
- Do not run bundled scripts or .bat files blindly. Review the orchestrator (polymarket_brain_orchestrator.py and scripts/*) to see exactly what files and paths they read/write and what network endpoints they call.
- The skill contains full Discord webhook URLs (tokens) in multiple files. Those allow posting to third-party channels immediately; confirm you control the target webhook or replace it with a webhook you control before running.
- The SKILL.md instructs copying your entire skills directory and writing to BrowserOS core memory—both can expose or overwrite other skills and their secrets. Avoid mass-copy steps; perform any migration manually and with backups.
- Polymarket interactions appear hardcoded to specific market URLs and odds; there is no documented credential handling for Polymarket. If you expect real API calls, verify where and how API keys would be stored and used.
- If you want to try it safely: run it in an isolated sandbox/VM or on a throwaway account, remove or replace webhook URLs, and search the code for any network calls beyond Discord and Polymarket (look for requests.post/urllib/ socket usage). Also inspect any code that writes to %APPDATA%/BrowserOS or other user profile paths.
If you want, I can (a) list specific files and lines that write to user/home paths or contain the webhook tokens, (b) search the code for outbound network endpoints beyond Discord/Polymarket, or (c) walk you through a safe checklist to run it in a sandbox. Confidence in this assessment is medium because many behaviors are plausible for a local orchestration tool, but the filesystem and persistence instructions are broader than expected for the stated purpose.
latest: vk97fyk1dctt232nh71add8swh183488v
