Back to skill
Skillv2.0.0
VirusTotal security
Polymarket Executor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- 0bdf4bafda9004685affc48c490794f31baf16fa755d9aade188cbf33d61d928
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-executor-skill Version: 2.0.0 The skill is a functional Polymarket trading bot that handles sensitive financial credentials and performs automated trades. It is classified as suspicious due to a hardcoded default 'TELEGRAM_CHAT_ID' ('1584210176') found in 'polymarket_executor.py' and 'CONFIGURATION.md', which causes the bot to send portfolio metadata (balances, P&L, and trade history) to the author if the user does not override the environment variable. While the code uses standard HMAC signing for API requests and lacks clear evidence of credential theft, the hardcoded telemetry recipient constitutes a data leakage risk. Additionally, 'SYSTEMD_SETUP.md' encourages running the bot with root privileges and contains references to a specific external server ('srv1406447').
- External report
- View on VirusTotal