Polymarket Politics Random 1U
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: polymarket-politics-random-1u Version: 1.0.0 The skill is a functional template for automated Polymarket trading using the AION SDK, specifically targeting political markets. It implements a 'random entry' strategy for demonstration purposes, featuring dry-run protection, market filtering, and context-aware safety checks in `politics_random_1u.py`. While it handles sensitive environment variables like API keys and optionally private keys, the code logic is transparent, follows the stated purpose, and contains no evidence of data exfiltration or malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If live mode is enabled, the skill can spend funds and open Polymarket positions the user may not have reviewed individually.
Live trading can be enabled by an environment variable, the selected market is random, and the trade amount is configurable with no cap or per-trade confirmation in the script.
live = args.live or env_flag("RUN_LIVE") ... market = choose_market(candidates) ... amount = float(os.getenv("TRADE_AMOUNT_USD", "1")) ... result = client.trade(Keep dry-run mode by default, remove or tightly control RUN_LIVE, add explicit human approval before each trade, and enforce daily/total spend limits.
A one-time live trading setting could result in repeated automated random trades over time.
The skill is configured for recurring managed background execution every 30 minutes, which is high impact for a script capable of live financial trades.
"cron": "*/30 * * * *", "automaton": { "managed": true, "entrypoint": "politics_random_1u.py" }Disable the cron/automaton for live trading, or require a fresh user approval and a hard stop condition for every scheduled run.
Compromise or misuse of these secrets could allow unauthorized trading or wallet access.
These credentials are expected for the stated trading integration, but an API key and especially a wallet private key grant sensitive account or wallet authority.
"AION_API_KEY" ... "used for market reads and trade execution" ... "WALLET_PRIVATE_KEY" ... "Optional private key for external-wallet self-custody live trading on Polymarket."
Use a limited-purpose API key and a wallet with only the funds you are willing to risk; avoid providing a private key unless absolutely necessary.
A dependency update or package-resolution issue could change the behavior of a trading skill.
The required SDK dependency is not version-pinned. This is common for templates but leaves the installed code dependent on whatever package version is resolved later.
"requires": { "pip": ["aion-sdk"], "env": ["AION_API_KEY"] }Pin a reviewed aion-sdk version and install from a trusted package source before enabling live trading.