Polymarket Intelligence Skill
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could be guided to run code or dependencies that were not included in the reviewed skill package.
The reviewed package does not include the JavaScript files or package metadata that SKILL.md describes, so the actual code and dependencies users would run are outside the reviewed artifacts.
No code files present — this is an instruction-only skill. ... 1 file(s): SKILL.md
Do not run the Node setup until the referenced source files, package.json, and lockfile are supplied, pinned, and reviewed.
Running these commands could execute unreviewed local code or dependency install scripts, especially if the user obtains files from an unknown source.
These are explicit local code-execution and package-installation instructions, but the runnable files are not present in the supplied artifacts.
1. `cd` into the skill folder and run `npm install` ... 3. Run `node cron.js` to start scheduled jobs, or configure launchd to run on boot
Only run these commands in a trusted, reviewed checkout with pinned dependencies; avoid configuring boot persistence until the behavior is verified.
The bot may continue posting alerts to configured Telegram channels until the scheduled runner is stopped.
The skill is designed for recurring autonomous monitoring and alerting. This is disclosed and purpose-aligned, but users should notice that it can keep operating on a schedule.
Every 30 min — Real-time consensus alert when 3+ whales enter the same market ... Every 30 min — Real-time insider alert when fresh wallet drops >$50K on one market
Confirm the schedule, channel targets, logging, and shutdown process before enabling the cron or launchd runner.
If these tokens are exposed or mishandled, someone could post through the Telegram bots or disrupt the configured channels.
Telegram credentials are expected for sending Telegram alerts, but they grant the configured bot the ability to post to the associated chats.
Create a `.env` file with your Telegram credentials: `PKEDGE_TELEGRAM_TOKEN_FREE` ... `PKEDGE_TELEGRAM_TOKEN_TRADER`
Use dedicated Telegram bots with limited channel access, keep tokens out of shared logs/files, and rotate them if there is any exposure.