Polymarket Arbitrage Cn
Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly monitors public Polymarket prices, but it needs review because its monitor script uses unsafe shell command construction and can print token-bearing webhook URLs.
Use this only after reviewing or patching monitor.py. Prefer one-time paper-trading runs, use a virtual environment, do not pass secret webhook URLs unless token logging is fixed, and avoid untrusted values for --data-dir. The skill does not execute trades, so manually verify any financial opportunity before acting.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent or user passes an untrusted or malformed data directory, the script could run unintended commands on the user's machine.
The monitor builds shell command strings using user-controllable path values such as --data-dir, then runs them with shell=True and no quoting. A crafted path containing shell metacharacters could cause arbitrary local command execution when the monitor runs.
subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=60) ... parser.add_argument('--data-dir', default='./polymarket_data' ... ) ... fetch_cmd = f"python3 {script_dir}/fetch_markets.py --output {markets_file} --min-volume 50000"
Replace shell=True string commands with subprocess.run([...], shell=False), validate or quote paths, and avoid accepting data-directory values from untrusted text.
A Telegram or similar webhook token could be revealed to anyone who can see command output or stored logs.
The script accepts a webhook URL for alerts and prints the full value to stderr. The SKILL.md example uses a Telegram-style URL that can contain a bot token, so this can expose credentials in logs or agent transcripts.
parser.add_argument('--alert-webhook', type=str, help='Webhook URL for alerts') ... if webhook_url: print(f"[ALERT] Would send to webhook: {webhook_url}", file=sys.stderr)
Do not print full webhook URLs; mask tokens, treat alert endpoints as secrets, and declare any supported webhook credential handling clearly.
Future package changes or a compromised local Python environment could affect what code runs.
The skill instructs users to install Python packages from PyPI without pinned versions or hashes. This is purpose-aligned for the scripts, but dependency provenance and repeatability are not locked down.
pip install requests beautifulsoup4
Install in a virtual environment and prefer pinned, reviewed dependency versions.
The script may keep making periodic network requests and writing local state until stopped.
The skill supports a long-running monitoring loop and local state files. This is disclosed and aligned with the monitoring purpose, but users should start it intentionally and know how to stop it.
python scripts/monitor.py --interval 300 --min-edge 3.0 ... Stop with `Ctrl+C` ... Saves state to `polymarket_data/`
Run continuous monitoring only when explicitly needed, use --once for one-time scans, and stop the process when finished.
