Polymarket Quant Trader

Warn

Audited by ClawScan on May 18, 2026.

Overview

This real-money trading skill asks users to install unreviewed external code and provide wallet keys, while the reviewed package declares no code, install requirements, or credentials.

Treat this as a high-risk trading automation package until the external repo is reviewed. Do not provide a main wallet key or enable live trading; use a dedicated low-balance wallet, keep DRY_RUN on, inspect all code and dependencies, and verify the claimed trading math and performance before risking funds.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You could run unreviewed code that has access to trading credentials and may place real-money trades.

Why it was flagged

The reviewed package contains no bot code or install spec, but it directs users to install dependencies from an external placeholder repo that is not included in the scan.

Skill content

git clone <repo-url-provided-after-purchase>
cd polymarket-bot
npm install
cp .env.example .env

Recommendation

Do not run the external repo until you have inspected its source, pinned and audited dependencies, and verified it matches the claimed package. Prefer skills that include all runnable code in the reviewed artifact.

What this means

A misconfigured, compromised, or malicious bot could misuse wallet authority or cause financial loss.

Why it was flagged

The skill expects wallet keys and a funded wallet for live trading, but the metadata declares no primary credential, env vars, or scoped credential contract.

Skill content

Configure your `.env` with wallet keys and risk parameters

- Polygon wallet with USDC (for live trading)

Recommendation

Use only a dedicated low-balance wallet, keep live trading disabled until code is reviewed, and require explicit documentation of which keys are needed, how they are stored, and what actions they authorize.

What this means

If live mode is enabled, automated scripts could make financial decisions without sufficient user review.

Why it was flagged

The documented workflows can transition from dry-run to live trading, but the reviewed artifacts do not show per-trade confirmation, explicit live-mode safeguards, or bounded mutation authority.

Skill content

# Paper trade first (DRY_RUN=true by default)
npm run agent:alpha          # EV signal trading
npm run research:auto        # Self-improving strategy
npm run arb:scan             # Cross-platform arbitrage

Recommendation

Keep DRY_RUN enabled, require manual confirmation for every live order, set strict position and exposure limits, and verify these controls in code before connecting funds.

What this means

Autonomous strategy changes can affect later trading behavior if not reviewed before use.

Why it was flagged

The skill discloses a long-running autonomous optimization loop that can change strategy parameters over time.

Skill content

An autonomous hill-climbing optimizer that tunes your strategy parameters overnight using Brier score as the objective function. Wake up to a better strategy.

Recommendation

Run overnight research only in a sandbox, review all parameter changes before using them live, and keep a reversible checkpoint history.

What this means

You could trust performance numbers or an optimizer that is not measuring the risk metric it claims to optimize.

Why it was flagged

The document defines Brier score as squared error but its example code uses exponent 0.2, which contradicts the stated metric behind the claimed optimizer and performance.

Skill content

Brier = (1/N) * SUM((predicted_probability - actual_outcome)^2)
...
return sum + Math.pow(p.ourProbability - outcome, 0.2);

Recommendation

Verify the math and backtests independently before trading; correct the Brier calculation to squared error and require reproducible performance evidence.