Skill v1.0.0
ClawScan security
Polymarket Smart Money · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 13, 2026, 10:50 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (analyzing Polymarket wallets) but are inconsistent with its manifest: it expects a local project, a virtualenv, and an Alchemy RPC key (.env) while declaring no install steps or required environment variables — review before running or giving secrets.
- Guidance: This skill appears to implement what it describes, but there are important mismatches you should address before using it: (1) The SKILL.md expects a local project at {baseDir}/../../agents/polymarket-bot/PolyAnalysis and a .venv — the registry entry provides no code or install steps. Do you actually have that repository and virtualenv? (2) The instructions reference POLYGON_RPC_URL (an Alchemy key) in .env but the skill manifest does not declare any required credentials — do not paste secrets into .env without reviewing the code. (3) Because the skill runs arbitrary Python scripts, inspect the PolyAnalysis code (fetcher.py, analyzer.py, etc.) before running to ensure there is no hidden exfiltration or network calls beyond the documented APIs. Recommended safe steps: run the code in an isolated sandbox or container, provide only a read-only RPC key (if needed), audit the repository for any network/HTTP calls that send data to unknown endpoints, and ensure .env does not contain other secrets. If you cannot review the code, treat this skill as untrusted and avoid supplying private credentials.
Review Dimensions
- Purpose & Capability (note): The name/description align with the instructions: it fetches Polymarket leaderboard and activity data, scores wallets, and detects market makers/HFT. However, the SKILL.md assumes an existing local project at {baseDir}/../../agents/polymarket-bot/PolyAnalysis and a virtualenv/.venv, which is not reflected in the manifest (no code files required, no install steps). Expectation of local code/runtime is a meaningful mismatch.
- Instruction Scope (concern): Runtime instructions require the agent (or user) to cd into a relative project path, activate a virtualenv, and run python scripts (analyze.py, discovery commands). They also reference a .env with POLYGON_RPC_URL for Alchemy RPC access. These instructions therefore implicitly require reading and using local files (project code, .venv, .env) and running arbitrary Python scripts — scope is broader than an 'instruction-only' skill that declares no code or env dependencies.
- Install Mechanism (ok): No install spec is present (instruction-only). That is low-risk from an automatic installation perspective, but because the instructions expect a local repo and virtualenv, the user/agent will need to obtain and run external code separately — review that code before execution.
- Credentials (concern): The manifest declares no required environment variables or primary credential, yet SKILL.md explicitly references POLYGON_RPC_URL=https://polygon-mainnet.g.alchemy.com/v2/<key> in .env for Phase 2 on-chain analysis. This is an undeclared sensitive dependency (a private RPC key). The skill may also require other credentials for trading endpoints (CLOB), though these are not declared. Missing declaration of these secrets is disproportionate and suspicious.
- Persistence & Privilege (note): The skill does not request always:true or system-wide persistence and is user-invocable (normal). However, it instructs running local Python scripts from a repo path and activating a virtualenv — executing those scripts gives them whatever privileges the agent/user account has. That risk is operational (run-time), not manifest-level, so treat it as a caution rather than a manifest privilege escalation.
