Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket Bot

v3.1.0

Polymarket 5-minute crypto UP/DOWN market automated trading bot. AI-powered prediction using Binance technical analysis (Position, Momentum, RSI, Volume), au...

by 0xshahai@hanguang254
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description align with the code (market discovery, AI decision, bet execution, notifications). However the code injects an absolute workspace path (sys.path.insert('/root/.openclaw/...')) to import ai_trader.* modules that are not bundled here, which is unexpected and increases the trust surface. Also SKILL.md says to 'configure Telegram token', but valid Telegram credentials are already hardcoded in multiple scripts.
Instruction Scope
Runtime instructions and code read/write logs in the workspace and call external APIs (Polymarket, CLOB endpoints, Binance, Telegram). The monitor scripts will transmit bet/position info to a hardcoded Telegram bot/chat. The code also evaluates network-derived strings with eval() when extracting token IDs, and relies on subprocess.exec of the polymarket CLI (which will use the user's configured wallet). SKILL.md omits some details (e.g., Playwright browser install) and the code references files/paths outside the skill bundle.
Install Mechanism
No install spec (instruction-only) — lowest install risk. The SKILL.md suggests pip install requests playwright and installing the Polymarket CLI, which is consistent but the SKILL.md does not fully enumerate Playwright/browser setup. No archived downloads or external install URLs are used.
Credentials
Registry metadata declares no required env vars, but scripts contain hardcoded Telegram bot token and chat ID (sensitive credentials belonging to a third party). The bot also expects a configured Polymarket CLI/gnosis-safe wallet (implicit credential/privilege requirement) but does not declare or request those credentials. The hardcoded tokens mean notifications (and thus some operational data) will be sent to an external third party without you being asked to configure that endpoint.
Persistence & Privilege
The skill does not set always:true and does not modify other skills, but it writes state/log files under absolute paths (e.g., /root/.openclaw/.../logs and /tmp) and injects an absolute path into sys.path allowing imports from outside the skill bundle. This expands the code's effective scope to other code in that workspace and is a notable privilege escalation vector for accidental or intentional data access.
Scan Findings in Context
[hardcoded-telegram-token] unexpected: Monitor and position scripts contain an apparently valid Telegram bot token and chat ID hardcoded. For a notification feature you'd normally expect these to be configured by the user (env/config), not baked into the distributed code, because they leak notifications to the token owner.
[subprocess-exec-polymarket] expected: The code uses subprocess.run to call the Polymarket CLI to create orders and query balance — this is expected for a CLI-based trading bot, but it relies on the user's CLI/wallet configuration and can execute privileged wallet actions.
[eval-on-network-data] unexpected: The code calls eval() on data fetched from the Polymarket API for clobTokenIds. Evaluating remote data is dangerous (code injection risk) and unnecessary — safer parsing should be used.
[absolute-sys-path-insert] unexpected: Multiple files insert a hardcoded absolute path (/root/.openclaw/workspace/polymarket-arb-bot) onto sys.path to import ai_trader.* modules that are not included in the bundle. This lets the skill import and run code from outside the skill and therefore increases its attack surface.
[absolute-path-logs-state] expected: Scripts write/read log and state files under absolute workspace paths. Storing state/logs is expected, but using absolute root paths may lead to running as root or mixing with other agent files; running as non-root and adjusting paths is safer.
What to consider before installing
Do not run this code unmodified. Specific actions to consider before installing or executing:

  • Replace the hardcoded Telegram token/chat ID with your own or remove remote notifications; treat the included token as a secret already compromised and avoid sending sensitive info to it.
  • Inspect (or obtain) the ai_trader package/modules that the scripts import via the absolute sys.path; do not let the skill import unknown code from outside the bundle. Prefer bundling dependencies or explicitly pointing to vetted modules.
  • Remove eval() usage on API-returned strings and replace with safe JSON parsing to avoid remote code execution risks.
  • Understand the Polymarket CLI/gnosis-safe wallet setup: the bot will invoke the CLI and can place orders using your wallet. Only run after you confirm the CLI uses the wallet you intend, ideally in a limited/simulated environment first.
  • Avoid running as root. Adjust file paths (logs/state) to a directory you control and verify file permissions.
  • If you want to use the notification feature, create your own Telegram bot/token and configure it via environment variables or a config file rather than editing scripts with hardcoded secrets.
  • Consider running in an isolated environment (VM/container) and perform code review of any external modules (ai_trader.*) before giving the bot access to real funds.

If you want, I can: highlight the exact lines to change to remove hardcoded tokens, show how to replace eval() with safe parsing, or list a minimal checklist to sandbox and test the bot safely.
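The following is an added example, not code from the skill bundle and not produced by the scanner. It shows hardened replacements for the three findings above: json.loads plus shape validation in place of eval() on clobTokenIds, Telegram credentials read from environment variables rather than shipped in the script, and a refusal to run as root with a state directory the operator chooses. Assumptions: clobTokenIds arrives as a JSON-encoded list of two decimal strings (one per outcome of a binary UP/DOWN market), the variable names TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID and POLYBOT_STATE_DIR are chosen for this example, and both market records are constructed samples.

```python
import json
import os
import re
from pathlib import Path

# Constructed sample in the shape the bot would receive from the market API.
# clobTokenIds is assumed to be a JSON array serialised into a string, which
# is why the original code reached for eval().
SAMPLE_MARKET = {
    "question": "BTC Up or Down (constructed sample)",
    "clobTokenIds": '["11111111111111111111", "22222222222222222222"]',
}

# Same field carrying text that eval() would execute as Python. json.loads
# rejects it outright because it is not JSON.
HOSTILE_MARKET = {
    "question": "constructed hostile sample",
    "clobTokenIds": '__import__("os").getcwd()',
}

# Token ids are large decimal integers; anything else is rejected.
_TOKEN_ID_RE = re.compile(r"[0-9]{1,80}")


def parse_clob_token_ids(market: dict) -> list[str]:
    """Return the two outcome token ids as decimal strings, or raise ValueError.

    Replaces eval(market["clobTokenIds"]): the value is decoded with json.loads
    and then checked against the shape the bot expects.
    """
    raw = market.get("clobTokenIds")
    if isinstance(raw, str):
        try:
            decoded = json.loads(raw)
        except json.JSONDecodeError as exc:
            raise ValueError(f"clobTokenIds is not valid JSON: {exc.msg}") from None
    elif isinstance(raw, list):
        decoded = raw  # tolerate an endpoint that already returns a list
    else:
        raise ValueError("clobTokenIds missing or of unexpected type")

    # A binary UP/DOWN market has exactly one token per outcome.
    if not isinstance(decoded, list) or len(decoded) != 2:
        raise ValueError(f"expected two token ids, got {decoded!r}")

    ids = []
    for item in decoded:
        is_int = isinstance(item, int) and not isinstance(item, bool)
        text = str(item) if is_int else item
        if not isinstance(text, str) or not _TOKEN_ID_RE.fullmatch(text):
            raise ValueError(f"token id is not a decimal string: {item!r}")
        ids.append(text)
    return ids


def rejects_clob_token_ids(market: dict) -> bool:
    """True when the parser refuses the record."""
    try:
        parse_clob_token_ids(market)
    except ValueError:
        return True
    return False


def load_telegram_config(env=None) -> tuple[str, str]:
    """Read the bot token and chat id from the environment; nothing is baked in.

    If the variables are unset the bot refuses to start instead of silently
    notifying whoever owns a token shipped inside the script.
    """
    env = os.environ if env is None else env
    token = env.get("TELEGRAM_BOT_TOKEN", "").strip()
    chat_id = env.get("TELEGRAM_CHAT_ID", "").strip()
    if not token or not chat_id:
        raise RuntimeError("set TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID (no default is shipped)")
    # Bot tokens have the form "<bot id>:<secret>"; catch copy/paste errors early.
    if not re.fullmatch(r"[0-9]+:[A-Za-z0-9_-]{30,}", token):
        raise RuntimeError("TELEGRAM_BOT_TOKEN does not look like a bot token")
    if not re.fullmatch(r"-?[0-9]+", chat_id):
        raise RuntimeError("TELEGRAM_CHAT_ID must be numeric")
    return token, chat_id


def check_not_root(euid: int) -> None:
    """Refuse to run with uid 0; pass os.geteuid() in real use (POSIX only)."""
    if euid == 0:
        raise RuntimeError("refusing to run as root; use an unprivileged account")


def state_dir(env=None) -> Path:
    """Logs and state go under a directory the operator chooses, not /root or /tmp.

    POLYBOT_STATE_DIR is a hypothetical name for this example; the caller
    creates the directory with restrictive permissions (mode 0o700).
    """
    env = os.environ if env is None else env
    base = env.get("POLYBOT_STATE_DIR") or os.path.join(os.path.expanduser("~"), ".polybot")
    return Path(base)


if __name__ == "__main__":
    check_not_root(os.geteuid())
    print("token ids:", parse_clob_token_ids(SAMPLE_MARKET))
    print("hostile record rejected:", rejects_clob_token_ids(HOSTILE_MARKET))
    print("state dir:", state_dir())
```

The parser is deliberately strict: it accepts only a two-element list of decimal strings, so a malformed or hostile value fails closed with a ValueError the bot can log, rather than being handed to the interpreter. The same pattern (decode with json.loads, then validate the shape) applies to any other field the scripts currently pass through eval().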


latest: vk972vky15cm4gzbas749z56gw582e4tc
332 downloads · 0 stars · 2 versions
Updated 6h ago · v3.1.0 · MIT-0

Polymarket Trading Bot

Automated trading bot for Polymarket 5-minute crypto UP/DOWN markets.

Architecture

auto_bot_v2.py (Main Loop)
  → Detects new 5-min markets (BTC/ETH)
  → Fetches Price-To-Beat via Playwright
  → Triggers AI analysis 80-100s before close

ai_analyze_v2.py (Decision Engine)
  → Binance technical analysis
  → Confidence scoring (Position 50%, Momentum 30%, RSI 10%, Volume 10%)
  → Executes bets via Polymarket CLI

monitor_bets.py (Notifications)
  → Monitors logs/bets.jsonl
  → Sends Telegram notifications on new bets

trading_state.py (Risk Management)
  → Tracks wins/losses
  → Enforces cooldown after consecutive losses

Setup

  1. Install Polymarket CLI and configure wallet (gnosis-safe mode)
  2. Install dependencies: pip install requests playwright
  3. Configure Telegram bot token and chat ID in monitor_bets.py
  4. Run: python3 -u auto_bot_v2.py > logs/bot.log 2>&1 &

Strategy Parameters

Edit in scripts/ai_analyze_v2.py:

  • Confidence threshold: ≥85% (line 63)
  • EV threshold: >0.6 (line 64)
  • Max odds: <0.85 (line 65)
  • Bet size: Fixed 5 shares (Polymarket minimum)

Key Files

  • scripts/auto_bot_v2.py - Main monitoring loop
  • scripts/ai_analyze_v2.py - AI decision engine with bet execution
  • scripts/monitor_bets.py - Telegram notification script
  • scripts/trading_state.py - Win/loss tracking and cooldown logic

Important Notes

  • 5-minute markets cannot be exited early (orderbook disappears after close)
  • Bot uses Binance data; Polymarket resolves via Chainlink (potential discrepancy)
  • Minimum order: 5 shares (Polymarket hard limit)
  • Uses --signature-type gnosis-safe for all CLI commands
