Back to skill
Skillv3.1.0
VirusTotal security
Polymarket Bot · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:26 AM
- Hash
- ddf09c4ef4f79a81e13b7abd17cd9dd5119a081d1a5e36c065f58eacd02e0fd6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-5m-bot Version: 3.1.0 The bundle contains a Polymarket trading bot with significant security vulnerabilities and hardcoded credentials. Most notably, `auto_bot_v2.py` uses `eval()` on data fetched from an external API to parse token IDs, creating a Remote Code Execution (RCE) risk. Additionally, `monitor_bets.py` and `position_monitor.py` contain hardcoded Telegram Bot API tokens (8315083265:AAGM_rUxfOzmnTDYd6v2n6n-kEArK37tKKk) and Chat IDs (1609325006), which is a major security flaw that exposes the bot's communication channel. While the code's logic is consistent with its stated purpose of automated trading, these critical flaws and the use of subprocesses to manage a financial wallet make the bundle high-risk.
- External report
- View on VirusTotal