Polymarket Trader
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a transparent trading-analysis helper that fetches public Binance data and reads local PaperBot logs, with no evidence of credential use, order placement, exfiltration, persistence, or destructive behavior.
Before installing or using it, understand that it is a trading-analysis helper, not a guarantee of profit. It will contact Binance public APIs, and explain_fills.py will read and print local PaperBot fill logs. Use the correct log path, keep any real Polymarket trades under explicit manual approval, and install Python dependencies only from trusted sources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may recommend when to enter or exit Polymarket positions, which could influence financial decisions.
The skill gives concrete financial entry/exit decision rules. This is purpose-aligned and no order-placement code is present, but it could affect real-money trades if combined with separate trading tools.
Trade only when there is measurable edge ... Enter only if `edge = fair_prob - market_price` exceeds a threshold.
Use it as an analysis aid, and require explicit user confirmation before any real-money trade or account action.
Recent fill history and reasons may be exposed in the agent session when the script is run.
The helper reads local trading/fill logs and prints fields from them into the analysis context. This is disclosed and purpose-aligned, but those logs may contain private trading history or untrusted text fields.
Reads: workspace/polymarket_paperbot/state/events.jsonl ... Prints last N fills with: ts, token, side, px, reason, fair_up, z, against_trend.
Pass only the intended events.jsonl file, avoid logs containing secrets, and treat log contents as data rather than instructions.
The script may fail until the dependency is installed, and installing dependencies introduces normal package-source trust considerations.
This helper relies on an external Python package while the registry shows no install spec or declared requirements. This is an under-declared dependency, not evidence of malicious behavior.
from dateutil import parser as dateparser
Install any needed Python dependency from a trusted source and review the bundled script before running it.