Polymarket Trading Assistant
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: polymarket-trader-skills
Version: 1.0.1
The bundle provides a comprehensive suite of Polymarket trading tools, including a 'danger-auto-trade' feature explicitly designed to execute real-money trades without human confirmation. A highly irregular root-level .env file is included containing a hardcoded API key and wallet address (0x70e0b6bc3dee51e0b881a17bb8eb5f42af9a0855), which is unusual for a skill distribution and could lead to unintended fund redirection or account usage. While the scripts (e.g., trade.ts, monitor.py) appear to use legitimate Polymarket APIs, the inherent risk of automated financial execution combined with pre-configured credentials warrants a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could place real-money Polymarket trades without the user reviewing each order.
The artifact explicitly offers an agent-directed live trading workflow without human confirmation, which is high-impact financial mutation.
danger-auto-trade-polymarket ... fully automated trading (no confirmation) ... no human confirmation required; the AI autonomously performs market scanning, probability assessment, position sizing and live order placement
Disable or remove the no-confirmation mode by default; require explicit per-trade approval, fixed maximum exposure, and paper-trading dry runs before live orders.
If invoked directly or by another skill, a mistaken or manipulated amount could create a larger trade than intended.
The executable trading path posts caller-supplied order amounts; no maximum amount or per-order confirmation is visible in this script, despite documentation mentioning risk controls.
const orderAmount = amount ?? (size && price ? size * price : 0); ... createAndPostMarketOrder({ tokenID, amount: orderAmount, side }, ...)
Enforce hard caps, balance checks, and confirmation inside the trading script itself, not only in surrounding instructions.
An error in one trade attempt could cancel unrelated open Polymarket orders in the same account.
A single order execution error can trigger account-wide cancellation rather than limiting cleanup to the order created by that invocation.
catch (err: any) { ... await client!.cancelAll(); ... }
Only cancel orders created by the current operation, and require user confirmation before any account-wide cancel-all action.
Anyone or any agent process with access to that key file could potentially trade with the wallet's funds.
Using a raw wallet private key is expected for automated trading, but in combination with no-confirmation live trading it grants broad signing authority and is not reflected in the registry's credential declarations.
PRIVATE_KEY ... Your wallet's private key ... MetaMask: Settings → Security → Export Private Key
Use a dedicated low-balance trading wallet, strict file permissions, and declared secret storage; avoid using a main wallet private key.
This indicates unsafe credential hygiene and creates uncertainty about whether a real credential or account identifier was bundled.
The distributed package contains a plaintext key-like value and wallet address, while metadata says there is no primary credential.
API key 019e113b-87e1-... address 0x70e0...
Remove bundled secrets, rotate any real exposed key, and use explicit environment-variable or secret-manager declarations instead.
The agent may install or execute code from an unexpected local path, especially if stale or unreviewed files already exist there.
The skill instructs dependency installation and later execution from a hard-coded Claude directory, not the reviewed OpenClaw skill path; stderr suppression also reduces install visibility.
cd ~/.claude/skills/api-trade-polymarket/scripts && npm install 2>/dev/null
Use OpenClaw `{baseDir}` paths, declare installation requirements, and avoid suppressing install output for a wallet-enabled trading skill.
