Skill v1.0.6

ClawScan security

Polymarket Trading Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 17, 2026, 9:33 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and instructions are coherent with setting up a Polymarket trading bot; the environment variables and guidance align with that purpose, with only a few minor documentation mismatches to be aware of.
Guidance
This skill appears to be what it says: a how-to for setting up a Polymarket trading bot. Before installing or running it, consider the following:
- It requires your signing private key and derived API secrets — these are extremely sensitive. Only proceed if you trust the skill source and you run it in an isolated, secure environment.
- The skill will (and instructs the agent to) read and write a local .env file and may inspect any existing bot/config folders in the working directory; review those commands first to avoid accidental exfiltration of unrelated secrets.
- The metadata omits a couple of example env variables used in the guide (POLYMARKET_WEBSOCKET_URL, POLYMARKET_DATA_API). Expect to need those or to hardcode endpoints in code examples.
- Prefer performing token approvals manually via the Polymarket UI if you are unsure about programmatic approvals; the guide notes bounded approvals are safer than unbounded approvals.
- Store derived API credentials securely (do not commit .env to version control), consider role-restricted or ephemeral credentials where possible, and limit approval amounts on token allowances.
- If you want additional assurance, review the referenced py-clob-client library code (or vendor it from an official release) rather than blindly executing the example code.
If any of these points make you uncomfortable, do not run the skill, or run it in a sandboxed workstation/VM and manually inspect every step before providing credentials.

Review Dimensions

Purpose & Capability
ok: The name and description (Polymarket trading setup) align with the requested secrets and runtime actions: a signing private key, proxy wallet address, signature type, and derived CLOB API credentials are all expected for programmatic trading on Polymarket. Optional Builder credentials for headless token approvals are also reasonable for server deployments.
Instruction Scope
note: The SKILL.md gives explicit step-by-step instructions to check for and read/write a .env and config.json, derive API credentials, call Polymarket endpoints (Gamma, CLOB, Data, WebSocket), and submit token approvals. Those actions are within the stated setup task. Note: the agent is told to look for an “existing bot directory”, which could lead it to inspect unrelated files in the working directory — this is broad but not necessarily malicious. Also, the SKILL.md uses POLYMARKET_WEBSOCKET_URL and POLYMARKET_DATA_API (and other example values) in its examples, but they are not listed in the metadata's required env list (minor inconsistency).
Install Mechanism
ok: This is instruction-only with no install spec or downloadable artifacts. That minimizes install-time risk; the dependencies referenced (py-clob-client, httpx, websocket-client, etc.) are plausible and standard for Python-based trading bots.
Credentials
note: The required environment variables (private key, proxy address, signature type, and derived API key/secret/passphrase) are proportionate to the stated function. Caveat: SKILL.md also uses POLYMARKET_WEBSOCKET_URL and POLYMARKET_DATA_API in examples, but these are not listed among the required env in the metadata — an inconsistency a user should be aware of. The skill requests highly sensitive secrets (private key and API secret) which are legitimately required for trading but demand secure handling.
Persistence & Privilege
ok: The skill does not request always:true and makes no claims about modifying other skills or system-wide settings. It instructs persisting derived API credentials into a local .env file — normal for this use-case but worth protecting (avoid committing to VCS, restrict filesystem permissions).