Skill v2.0.0

ClawScan security

Polymarket Executor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 10:21 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is broadly consistent with a Polymarket trading bot but includes system-level installation instructions (systemd, root, host .env usage), owner-specific defaults, and a few incongruities that increase risk and warrant caution before installing or running live trades.
Guidance
Before installing/running this skill:
- Run it only in a sandboxed/isolated environment (dedicated VM or container) and keep PAPER_MODE=true until you fully audit behavior and paper-trade for many cycles.
- Do not place unrelated secrets in the same host .env referenced by the service; prefer a dedicated env file for this bot and run under a non-root user.
- If you intend to run it as a systemd service, avoid running it as root; run a dedicated unprivileged service account or keep it inside a controlled container with limited host mounts.
- Review the full polymarket_executor.py for any hidden network endpoints or unexpected behavior (the file is included but truncated in the bundle you provided). Look for any calls to endpoints beyond Polymarket and Telegram.
- Treat live-mode credentials (API key/secret, wallet address) as high-sensitivity; generate API keys locally as recommended and never upload private keys to the server.
- Be skeptical of absolute performance claims (100% win rates, 'zero risk'); test thoroughly in paper mode and inspect trade execution logic, sizing, and fee/slippage handling before any real funds.
- Consider rotating keys and revoking access if you later stop using the bot, and prefer running behind your own proxy/egress controls rather than following third-party proxy vendor recommendations blindly.

Review Dimensions

Purpose & Capability
note: Name, description, code, and optional env vars align with a trading bot (Polymarket API keys, wallet, Telegram alerts). However, the documentation and systemd instructions assume specific host/container paths and a particular operator ('Wesley'), which is not necessary for the stated purpose and indicates the package is tailored to a particular deployment.
Instruction Scope
concern: Runtime instructions go beyond simply running a bot: they instruct copying files into a specific Docker container, adding variables to a host .env, and creating a systemd service that loads that .env. These steps touch host configuration, require elevated privileges, and could expose unrelated host secrets. The SKILL.md also allows broad scanning (hundreds to thousands of markets) and continuous autonomous looping, giving the agent broad operational discretion.
Install Mechanism
ok: There is no external install/download step; the skill is instruction + a single Python file that claims to use the standard library only. No remote archive downloads or third-party package installs were specified, reducing supply-chain risk.
Credentials
note: Requested environment variables (Polymarket API key/secret/passphrase, wallet address, capital, Telegram tokens) are reasonable for a live trading bot and are marked optional for paper mode. However, the documentation recommends placing these in a shared host .env and references an existing TELEGRAM_CHAT_ID and other owner-specific values; this risks exposing other host secrets if the same .env holds unrelated credentials.
Persistence & Privilege
concern: The repo includes a systemd setup that runs the executor as root and auto-starts it on boot (Enable/Start instructions). While long-running services are expected for trading bots, running as root and loading a host EnvironmentFile increases privilege and persistence risk. The skill itself is not forced-always, but its documentation explicitly guides the user to grant high persistence and host-level privileges.