Vincent - Polymarket
Audited by ClawScan on May 10, 2026.
Overview
This skill is coherent for Polymarket trading, but it gives an agent autonomous financial-trading authority using a persistent wallet token and an unpinned runtime CLI package.
Use this only if you intentionally want an agent to trade on Polymarket. Before funding the wallet, claim it, configure strict spend and withdrawal policies, require human approval for larger actions, protect the stored agentwallet credentials, and consider pinning or independently verifying the Vincent CLI package.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Autonomous trading authority
Risk: The agent could place losing bets, change positions, or move funds within whatever server-side policies the wallet owner has configured.
Finding: The artifact explicitly authorizes autonomous financial trading and withdrawals, which can spend or move user funds without a separate confirmation for each action.
Evidence (from the artifact): "Use this skill when users want to ... place bets, manage positions, or withdraw funds ... The agent is expected to invoke trading actions ... on its own ... not by gating individual invocations."
Recommendation: Install only if you want autonomous trading; claim the wallet before funding it, set strict spending and withdrawal limits, and require approval for meaningful trades or fund movement.
2. Balance check with on-chain side effects
Risk: A seemingly read-only balance check may create on-chain state and grant approvals affecting the funded wallet.
Finding: A command presented as a balance check has blockchain side effects, including deployment and collateral approval, and the approval scope is not bounded in the provided text.
Evidence (from the artifact): "The first balance call triggers Safe deployment and collateral approval (gasless via relayer)."
Recommendation: Treat the first balance call as a setup transaction, not a read-only check; confirm the approval scope and wallet policy before funding the wallet.
3. Unpinned runtime CLI package
Risk: The code that actually handles credentials and trades can change after this review if the latest CLI package changes.
Finding: The reviewed artifact is instruction-only, but the workflow executes an unpinned @latest npm CLI at runtime for financial wallet operations.
Evidence (from the artifact): "allowed-tools: Read, Write, Bash(npx:@vincentai/cli*) ... npx @vincentai/cli@latest secret create --type POLYMARKET_WALLET"
Recommendation: Prefer a pinned, reviewed CLI version and verify the package source before allowing it to manage funded wallets.
4. Persistent wallet credential on disk
Risk: If another local process reads the stored token, it may be able to act within the wallet policies until the key is revoked.
Finding: The skill persists a scoped Bearer token for wallet access. This is disclosed and purpose-aligned, but it is still a credential that can authorize policy-permitted financial actions.
Evidence (from the artifact): "The CLI stores the returned API key automatically ... (`${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet/` or `./agentwallet/`)"
Recommendation: Protect the credential directory, keep wallet policies restrictive, and revoke or rotate the agent key if local compromise is suspected.
5. Unverifiable provider-side assurances
Risk: Users may rely on provider-side controls that cannot be independently verified from the provided artifacts.
Finding: The artifact makes strong security assurances, but the supplied review set does not include the runtime CLI or server implementation that would substantiate them.
Evidence (from the artifact): "The agent never sees the private key. All operations are executed server-side ... All API calls go exclusively to `heyvincent.ai`"
Recommendation: Review Vincent's trust model, documentation, and package provenance before sending funds to the wallet.
