Polymarket Arb Bot

Suspicious
Audited by ClawScan on May 10, 2026.

Overview

This appears to be a real Polymarket trading bot, but it exposes wallet-key material, uses unsafe dynamic code execution on market data, and encourages persistent unattended financial trading.

Do not run this with real funds as-is. If you test it, use a fresh low-balance wallet, remove any bundled wallet_backup.txt, rotate any exposed keys, replace eval with safe JSON parsing, pin dependencies, and avoid enabling the cron watchdog until you have verified how to stop the bot and limit losses.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A compromised or malicious market-data response could run code locally under the user's account.

Why it was flagged

The bot evaluates a market-data field as Python code. If that field is malformed or controlled through an upstream/API compromise, it could execute arbitrary code on the user's machine.

Skill content
token_ids = eval(markets[0].get('clobTokenIds', '[]'))
Recommendation

Replace eval with safe parsing such as json.loads, validate the expected list format, and reject unexpected values.
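A safe replacement for the flagged line, as an added example (not code from the audited skill): it decodes clobTokenIds with json.loads and checks the shape before the value reaches order placement. It assumes the field is a JSON-encoded array of decimal-string token IDs (or, in some responses, an already-decoded list); the MAX_TOKEN_IDS cap and the helper names are constructed here.

```python
import json

# Added example (not code from the audited skill): a safe replacement for
#   token_ids = eval(markets[0].get('clobTokenIds', '[]'))
# Assumption: clobTokenIds is a JSON-encoded array of decimal-string token IDs;
# some responses may already carry it as a decoded list, so both are accepted.

MAX_TOKEN_IDS = 8  # constructed cap: a market has only a handful of outcomes


class TokenIdFormatError(ValueError):
    """The market-data field does not have the expected shape."""


def parse_clob_token_ids(raw):
    """Decode and validate clobTokenIds without executing it; returns a list."""
    if isinstance(raw, str):
        try:
            decoded = json.loads(raw)  # data-only parser, never evaluates code
        except json.JSONDecodeError as exc:
            raise TokenIdFormatError(f"not valid JSON: {exc.msg}") from None
    else:
        decoded = raw
    if not isinstance(decoded, list) or not decoded:
        raise TokenIdFormatError("expected a non-empty JSON array")
    if len(decoded) > MAX_TOKEN_IDS:
        raise TokenIdFormatError("too many token ids")
    for item in decoded:
        # Token IDs are opaque decimal strings; anything else is rejected.
        if not (isinstance(item, str) and item.isascii() and item.isdigit()):
            raise TokenIdFormatError(f"unexpected token id value: {item!r}")
    return list(decoded)


def is_valid_clob_token_ids(raw):
    """Accept/reject predicate built on the parser above."""
    try:
        parse_clob_token_ids(raw)
    except TokenIdFormatError:
        return False
    return True


def token_ids_from_markets(markets):
    """Drop-in for the flagged line: token IDs of the first market."""
    if not markets:
        raise TokenIdFormatError("no markets returned")
    return parse_clob_token_ids(markets[0].get("clobTokenIds"))
```

Unlike the original default of '[]', an empty array is rejected here, because the code that follows indexes into the list and an empty result should stop the bot rather than silently proceed.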

What this means

Anyone with a valid wallet private key can control the associated wallet and potentially move or spend funds.

Why it was flagged

The static scan reports that the package includes a wallet backup file containing private-key material.

Skill content
Private Key: [REDACTED]
Recommendation

Do not use any bundled wallet key. Remove the backup file from the package, rotate any exposed key, and use a fresh low-balance wallet only.

What this means

Users may not realize before install that the skill needs sensitive wallet authority capable of placing real trades.

Why it was flagged

The skill asks for wallet-signing credentials, while the registry metadata declares no required env vars and no primary credential.

Skill content
export POLYMARKET_PRIVATE_KEY="your_private_key"
export POLYMARKET_PROXY_ADDRESS="your_gnosis_safe_address"
Recommendation

Declare wallet credentials explicitly in metadata, document exact scope and storage expectations, and avoid broad private-key access where delegated or limited credentials are possible.

What this means

Once enabled and running, the bot can spend funds automatically based on its strategy without per-order approval.

Why it was flagged

The code directly invokes the Polymarket CLI to create buy orders using wallet signing authority.

Skill content
"polymarket", "clob", "create-order", "--signature-type", "gnosis-safe", "--token", token_id, "--side", "buy"
Recommendation

Run only with a small isolated wallet, add explicit spending limits and daily loss limits, and require user confirmation unless unattended trading is intentionally enabled.

Concern (High Confidence)
ASI10: Rogue Agents
What this means

The bot can continue operating and trading after the terminal is closed or after a crash, which increases the chance of unintended ongoing financial activity.

Why it was flagged

The instructions run the trading bot in the background and add a cron watchdog that automatically restarts it every five minutes.

Skill content
python3 auto_bot_v3.py > logs/bot_v3.log 2>&1 &
...
*/5 * * * * /path/to/watchdog_v3.sh
Recommendation

Avoid enabling the watchdog until fully tested, document how to stop and remove cron entries, and add clear kill-switch controls.

What this means

Users depend on whatever package version is current at install time, which matters more because the tool handles trading authority.

Why it was flagged

The skill documents a global install of an unpinned npm package that is central to wallet-backed trading operations.

Skill content
"kind": "shell", "command": "npm i -g @polymarket/clob-client"
Recommendation

Pin package versions, publish a clear install spec, and verify package provenance before using it with wallet credentials.

What this means

Users may over-trust the bot and allocate more funds than they can afford to lose.

Why it was flagged

The report makes strong profitability/reliability claims for an automated trading system, even though trading outcomes remain uncertain.

Skill content
Model reliability: 84.6% overall accuracy proves the model is effective ... Live-trading feasibility: high-quality signals (97.1%) are sufficient to support profitability ... Verified, ready for live trading
Recommendation

Treat performance claims as unverified, backtest independently, paper-trade first, and keep real-money exposure low.