Polymarket Politics Random 1U
Advisory
Audited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live mode is enabled, the skill can spend funds and open Polymarket positions the user may not have reviewed individually.
Live trading can be enabled by an environment variable, the selected market is random, and the trade amount is configurable with no cap or per-trade confirmation in the script.
live = args.live or env_flag("RUN_LIVE") ... market = choose_market(candidates) ... amount = float(os.getenv("TRADE_AMOUNT_USD", "1")) ... result = client.trade(
Keep dry-run mode by default, remove or tightly control RUN_LIVE, add explicit human approval before each trade, and enforce daily/total spend limits.
A one-time live trading setting could result in repeated automated random trades over time.
The skill is configured for recurring managed background execution every 30 minutes, which is high impact for a script capable of live financial trades.
"cron": "*/30 * * * *", "automaton": { "managed": true, "entrypoint": "politics_random_1u.py" }
Disable the cron/automaton for live trading, or require a fresh user approval and a hard stop condition for every scheduled run.
Compromise or misuse of these secrets could allow unauthorized trading or wallet access.
These credentials are expected for the stated trading integration, but an API key and especially a wallet private key grant sensitive account or wallet authority.
"AION_API_KEY" ... "used for market reads and trade execution" ... "WALLET_PRIVATE_KEY" ... "Optional private key for external-wallet self-custody live trading on Polymarket."
Use a limited-purpose API key and a wallet with only the funds you are willing to risk; avoid providing a private key unless absolutely necessary.
A dependency update or package-resolution issue could change the behavior of a trading skill.
The required SDK dependency is not version-pinned. This is common for templates but leaves the installed code dependent on whatever package version is resolved later.
"requires": { "pip": ["aion-sdk"], "env": ["AION_API_KEY"] }
Pin a reviewed aion-sdk version and install from a trusted package source before enabling live trading.
