Skill v1.1.0

ClawScan security

Polymarket CLI & Arb Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 7:25 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the advertised Polymarket CLI and arb scanner, but contains a few risky patterns (remote install scripts, runtime shell execution with unescaped user input, and instructions that may ask for private keys) that deserve caution before installing or running.
Guidance
This package implements the promised Polymarket CLI utilities and an expiry-arbitrage scanner, but take precautions before installing or running it:
- Review install scripts before running: install.sh and the SKILL.md recommend piping remote scripts into sh (raw.githubusercontent.com and rustup.sh). Only run them if you trust the source and have inspected the script contents.
- Treat wallet private keys as sensitive: do not paste or import private keys into software or agent environments you don't control. Prefer hardware wallets or ephemeral wallets and only enable trading in a locked-down environment.
- The TypeScript scanner calls the shell with a user-supplied query interpolated into the command; that can lead to command injection if untrusted input is used. If you run the script, only pass trusted queries or modify the code to properly escape/sanitize inputs (avoid unescaped shell interpolation; use execFile or pass an args array).
- Running npx/tsx may download packages at runtime; consider installing dependencies locally or running inside an isolated container/VM.
- If you only need read-only features, avoid running wallet/setup commands and restrict network/privilege exposure.

If you want to proceed: inspect scripts/install.sh and expiry-arb.ts fully, run installation in an isolated environment (container or VM), and never expose private keys to untrusted processes.

Review Dimensions

Purpose & Capability
ok: Name, description, and included scripts (search, get-market, price checks, expiry-arb) are coherent with a Polymarket CLI/arb scanner; required files and commands (polymarket binary, parsing JSON) match the stated purpose.
Instruction Scope
concern: Runtime instructions and scripts rely heavily on shell execution of the `polymarket` binary and explicitly instruct interactive wallet setup/import (which requires private keys). The TypeScript scanner executes a shell command built by interpolating the user query into execSync without escaping, creating a potential command-injection vector if untrusted input is used. The SKILL.md also recommends piping a remote install script into sh (curl | sh). These behaviors are within the broad purpose but introduce actionable risks that are not mitigated in the instructions.
Install Mechanism
note: There is no centralized install spec, but scripts/install.sh and SKILL.md instruct using remote installers: raw.githubusercontent.com (curl | sh), git clone from GitHub, and rustup (curl | sh). These are well-known hosts, but piping remote scripts to sh and invoking rustup remotely is inherently risky and should be reviewed prior to execution. The TypeScript script uses npx/tsx (runtime npm fetch).
Credentials
ok: The skill declares no required environment variables or credentials. Wallet operations documented (wallet import, approve set) legitimately require private keys/MATIC for trading and are optional for read-only operations. However, the skill and docs suggest entering private keys directly into CLI commands; users should avoid supplying keys to untrusted environments.
Persistence & Privilege
ok: Skill flags are standard (always:false). The skill does not request persistent platform privileges or modify other skills. It references user config at ~/.config/polymarket/config.json and sources $HOME/.cargo/env, which is expected for this tool.