Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vincent - Polymarket
v1.0.70Polymarket prediction market trading for agents. Use this skill when users want to create a Polymarket wallet, browse markets, place bets, manage positions,...
⭐ 2· 2.2k·10 current·10 all-time
byChris Cassano@glitch003
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Polymarket trading) aligns with the SKILL.md: it instructs the agent to create wallets, browse markets, place bets, and manage positions. The declared config paths for agentwallet storage are consistent with the described behavior. However, the skill relies on a remote CLI package (npx @vincentai/cli@latest) to implement functionality, which is a non-trivial runtime dependency that goes beyond a simple instruction-only helper.
Instruction Scope
SKILL.md instructs agents to run npx commands that will fetch and execute code at runtime and to read/write the declared agentwallet config paths. The document asserts that 'all API calls go exclusively to heyvincent.ai' and that the agent never sees private keys, but those are runtime guarantees provided by the remote service and CLI — they cannot be verified from the instruction file alone. The agent is intended to perform autonomous trading actions, which is expected for this skill but increases risk if the CLI or service behaves differently than claimed.
Install Mechanism
There is no install spec in the registry (instruction-only), but the runtime instructions require npx @vincentai/cli@latest. Using npx dynamically fetches code from npm at each invocation (supply-chain risk) and runs it. The skill does not declare Node/npx as required binaries. Relying on @latest means behavior can change between runs; this is a higher-risk install/execution pattern than a pinned release or built-in binary.
Credentials
The skill requests no environment variables and declares only two config paths for storing the agent's scoped API key — this is proportionate to the stated purpose. However, the API key is stored on disk in the agent state directory (or ./agentwallet), which creates a local persistence point that other processes could read if filesystem permissions are not tightly controlled. The SKILL.md asserts the token is scoped and revocable, but that is an external guarantee that can't be validated here.
Persistence & Privilege
The skill does not request always: true or other elevated platform privileges. Autonomous model invocation is enabled (default) so agents can place trades without per-call human gating — this is consistent with the skill's purpose but means you should treat autonomous trading abilities and runtime code pulls as higher-impact capabilities when combined.
What to consider before installing
This skill appears to do what it says, but take precautions before installing: 1) Understand that the agent will run npx @vincentai/cli@latest — that downloads and executes code from npm at runtime (supply-chain risk). Ask the publisher to provide a pinned version or a checksum and consider requiring an audit. 2) Confirm the Vincent service enforces the claimed policy scoping and that you can revoke keys quickly; request documentation or an SLA. 3) Restrict filesystem permissions on ${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet (and ./agentwallet) so other processes/users cannot read stored tokens. 4) Ensure Node/npx availability and consider running the skill in a network-restricted environment (or review the CLI source) to verify it only contacts heyvincent.ai and Polymarket endpoints. 5) If you require stronger assurance, request the CLI source (or a reproducible build) and an explicit, auditable explanation of which actions are executed client-side vs. server-side.Like a lobster shell, security has layers — review code before you run it.
latestvk978jcy9rfk2pg3zfbrcz95m5182rdce
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Config${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet, ./agentwallet