Skill v1.0.0
ClawScan security
Polymarket Optimizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 5, 2026, 10:31 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions are coherent with its stated purpose (reading local performance files, analyzing them, and updating a local learned_config.json, with optional Telegram reporting); nothing in the provided files requests unrelated credentials or external endpoints beyond Telegram.
- Guidance: This skill appears to do what it says: read local executor metrics, compute adjustments, write learned_config.json, and optionally post Telegram reports. Before installing:
  1. Review the full Python source (the file was truncated in the bundle listing) to confirm there are no additional network endpoints or hidden behaviors.
  2. Run it in a staging environment against sample metrics to validate logic and prevent bad allocations.
  3. Avoid loading a shared .env containing other service credentials; only provide TELEGRAM_* and WORKSPACE if needed.
  4. Prefer running under a dedicated, non-root user or inside the OpenClaw container rather than enabling the root systemd example.
  5. Lock down file permissions on the WORKSPACE so the optimizer can only access intended files.
  If you want higher assurance, request the full untruncated source for a complete audit, or run the script under a network-restricted environment to confirm it only contacts api.telegram.org when tokens are set.
Review Dimensions
- Purpose & Capability (ok): Name/description match what the code and SKILL.md do: read workspace metrics, analyze strategies, and write learned_config.json and optimizer_log.jsonl. The required binary (python3) and the optional TELEGRAM/WORKSPACE environment variables are consistent with that purpose.
- Instruction Scope (note): Runtime instructions and code limit actions to workspace files (performance_metrics.json, paper_trades.json, portfolio.json, live_trades.jsonl) and local logs; Telegram messages are optional. The documentation includes systemd/cron guidance that suggests running docker exec or loading a shared .env. Following those instructions without care could expose unrelated environment variables or grant broad host-level execution privileges, so treat the docs as higher-risk operational guidance rather than a property of the skill itself.
- Install Mechanism (ok): No install spec (instruction-only with an included Python script). No remote downloads or package installs are present in the bundle; risk from the install mechanism is low.
- Credentials (note): The skill declares no required secrets and only optionally uses TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID, and WORKSPACE. That is proportionate. However, the provided systemd docs advise loading a global .env (EnvironmentFile) and running as root/docker exec; if you follow that, unrelated secrets in that .env could be exposed to the process. Limit the environment to only the variables this skill needs.
- Persistence & Privilege (ok): The always flag is false and the skill is user-invocable. It does not request persistent elevated platform privileges. The systemd docs propose running as root and using docker exec (an operational recommendation); this is optional and not required by the skill, but caution is advised if you adopt those instructions.
