Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Polymarket Arb Bot
v3.3.5 · Polymarket 5-minute crypto UP/DOWN market automated trading bot. AI-powered prediction using Binance technical analysis (Position, Momentum, RSI, Volume), au...
⭐ 0 · 289 · 2 current · 2 all-time
by 0xshahai @hanguang254
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md match the described purpose (automated trading on Polymarket using AI and the Polymarket CLI). However, the declared requirements in the registry metadata are minimal (polymarket, python3), while the code actually expects many other tools (node, playwright, openclaw/browser tool, puppeteer/scrapling, requests/playwright Python libs). The single npm install mentioned in the SKILL.md metadata (Polymarket CLI) is not sufficient for the repository's full runtime needs.
Instruction Scope
SKILL.md instructs the user to export POLYMARKET_PRIVATE_KEY and POLYMARKET_PROXY_ADDRESS (private credentials) but the registry metadata declares no required env vars. The runtime instructions and code call external APIs (Polymarket/Gamma API, clob.polymarket.com, Binance API) and run subprocesses (polymarket CLI, node scripts, openclaw CLI, playwright). The instructions also tell the user to place Telegram tokens inside scripts (editing source), which risks accidental credential leakage. The skill's instructions and included code reference reading/writing many local logs (logs/*) and a wallet_backup.txt file present in the repo.
Install Mechanism
The skill is marked as 'instruction-only' / no install spec in registry, but the package includes many code files and a package.json / requirements.txt. The SKILL.md metadata only suggests `npm i -g @polymarket/clob-client`; there is no explicit pip install of requirements.txt, no guidance to install Playwright browsers, no Node dependency installs for the included Node scripts, and no installation steps for openclaw/browser tool. This mismatch means a user following only the registry install metadata will miss many runtime dependencies; there is no single trusted release host for arbitrary binaries like Playwright or OpenClaw invoked via subprocess (higher friction and risk).
Credentials
Registry metadata declares no required env vars or primary credential, yet SKILL.md and code expect wallet credentials (POLYMARKET_PRIVATE_KEY, POLYMARKET_PROXY_ADDRESS) and the README/REPORT include wallet addresses and a `wallet_backup.txt` file in the repo. The code calls polymarket CLI commands that can operate on wallet keys and also invokes external endpoints. Requesting a private key for automated trading is plausible for a trading bot, but the fact that credentials are not declared by the package metadata and a wallet backup file is included in the repository is a red flag (possibility of exposed secrets or leftover sensitive artifacts).
Persistence & Privilege
The skill is not marked always:true and does not request to auto-enable itself system-wide. It suggests adding a watchdog to crontab for process restart, which is normal for long-running bots but is an elevated operational step the user must opt into. There is no evidence it modifies other skills' configs or escalates privileges by itself.
What to consider before installing
Key things to check before installing or running this skill:
- Do not export or use private keys until you audit the repository. SKILL.md asks you to set POLYMARKET_PRIVATE_KEY / POLYMARKET_PROXY_ADDRESS; these are sensitive. Verify `wallet_backup.txt` does not contain any real private keys — treat it as compromised until proven otherwise and never reuse keys found in the repo.
- The registry metadata underreports dependencies. The code uses node, puppeteer/playwright, openclaw CLI/browser tool, scrapling, and Python requirements. Follow the repo README and inspect requirements.txt and package.json; install deps in an isolated VM/container first.
- Start with ENABLE_TRADING = False (or equivalent) and run in dry-run/simulated mode until you validate logic and network calls. Log all outgoing requests and subprocess calls during tests.
- Search the repo for any plaintext secrets (API keys, private keys) and remove them. If `wallet_backup.txt` contains keys, assume they are compromised — do not fund those wallets.
- Review any subprocess invocations (polymarket, node scripts, openclaw, playwright) and confirm you trust the binaries. Playwright downloads browsers and has nontrivial resource/attack surface; run in an isolated environment.
- Consider using a hardware wallet / multisig (Gnosis Safe) with limited signing rights rather than placing private keys in environment variables or in source files.
- If you plan to run with real funds: perform a security audit (dependency versions, network endpoints), run in a sandbox, and only use small amounts after testing. If you are not comfortable reviewing code or secrets, avoid running this skill with real wallets.
latest: vk97a9ybcg28qs0bfmn1nghceps82hbyt
Runtime requirements
Bins: polymarket, python3
