Skill v1.0.0
ClawScan security
Polymarket AutoTrader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 6:25 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly matches its trading purpose, but there are clear mismatches between declared and required environment variables (the billing key is required by the code but omitted from some metadata), and it asks for a high-privilege secret (an Ethereum private key). Proceed only after addressing these inconsistencies and taking the safety precautions below.
- Guidance: Key points before installing or running this skill:
  - Inconsistency to fix: billing.js requires SKILLPAY_API_KEY, but that variable is omitted from some top-level metadata. Set SKILLPAY_API_KEY and SKILLPAY_USER_ID before running, or the skill will throw an error when it attempts to bill.
  - Sensitive secret: the skill requires POLYMARKET_PRIVATE_KEY (an Ethereum private key). Use a dedicated wallet that holds only the funds you are willing to lose, with no long-term or high-value holdings; for the first run, prefer a throwaway account funded only for the test.
  - Start in safe mode: set DRY_RUN=true and MIN_CONFIDENCE high, test with a small MAX_TRADE_USDC, and confirm behavior before enabling real orders.
  - Network calls: the code contacts Binance (price data), gamma-api.polymarket.com (market discovery), clob.polymarket.com (order posting), and skillpay.me (billing). Confirm you are comfortable with these endpoints and that skillpay.me is the intended billing provider.
  - npm package audit: verify that the @polymarket/clob-client and ethers versions (and their transitive dependencies) are trustworthy for your environment; commit a lockfile (package-lock.json) so installs are reproducible, and run npm audit.
  - Code review: the repository files are present and readable. If you are not comfortable reviewing them yourself, have a developer review the code paths that sign and send orders and the billing flow.
  - Operational controls: run in an isolated environment (sandbox or VM) initially, monitor outgoing traffic, and rotate any keys after testing.
  - If you want, I can: (1) list the exact env vars you must set to run successfully, (2) produce a short checklist for a safe test run (DRY_RUN, tiny budget, logging), or (3) point out the exact lines in the code where SKILLPAY_API_KEY is enforced so you can decide how to adjust configuration.
Review Dimensions
- Purpose & Capability
- note: The name, description, and code align: the skill fetches market data (Binance public API), computes RSI/MACD/EMA signals, discovers Polymarket markets, and places orders via @polymarket/clob-client and ethers. The required binary (node) and npm dependencies (@polymarket/clob-client, ethers) are proportional to an auto-trader. Billing via SkillPay is consistent with the billing behavior described. One mismatch: the registry-level 'Required env vars' list omits SKILLPAY_API_KEY while SKILL.md and the code require it.
- Instruction Scope
- concern: SKILL.md instructs running trader.js and setting environment variables; the runtime instructions match the code's actions (fetch Binance data, call the Polymarket/Gamma APIs, call SkillPay billing, sign orders with a private key). However, the top-level metadata (and the registry metadata supplied to OpenClaw) and the SKILL.md table are inconsistent about required env vars: billing.js throws if SKILLPAY_API_KEY is not set, but the SKILL.md metadata and the registry required list omit it in some places, which can cause runtime failures or misconfiguration. The skill reads a sensitive POLYMARKET_PRIVATE_KEY from the environment (expected for signing, but high sensitivity). All network endpoints the code uses are explicit (binance.com, gamma-api.polymarket.com, clob.polymarket.com, skillpay.me).
- Install Mechanism
- ok: Install uses public npm packages (@polymarket/clob-client and ethers). This is an expected, traceable mechanism for a Node-based trading skill, with the moderate risk typical of npm installs. No arbitrary downloads or extracted archives are used.
- Credentials
- concern: Requesting an Ethereum private key (POLYMARKET_PRIVATE_KEY) is functionally necessary to sign orders, so it is proportionate to the trading purpose, but it is high privilege and sensitive. Billing requires SKILLPAY_API_KEY and SKILLPAY_USER_ID; both are proportionate to the described SkillPay billing flow. The problem: the registry metadata (summarized at the top of the evaluation) lists only POLYMARKET_PRIVATE_KEY and SKILLPAY_USER_ID as required, but billing.js enforces SKILLPAY_API_KEY, and SKILL.md also lists SKILLPAY_API_KEY in its 'Required Environment Variables' table. This inconsistency is risky because a user following only the registry-level requirements may get runtime errors or misconfigure credentials. Optional POLYMARKET_API_* variables are reasonable for higher rate limits. No unrelated secrets or extraneous cloud credentials are requested.
- Persistence & Privilege
- ok: always:false (default), and the skill does not request system-wide persistence or attempt to modify other skills or agent settings. It only suggests running itself as a persistent process (pm2), which is normal for a daemonized trader. The skill can be invoked autonomously (platform default), but that alone is not being flagged.
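The Instruction Scope and Credentials findings both come down to one check: do the registry metadata, the SKILL.md table, and the code agree on which env vars are required? The following is an added example of that reconciliation, written for this review and not code from the skill or from ClawHub. The SKILL.md and JavaScript fragments are constructed to reproduce the mismatch the report describes (they are not the skill's real files), and the "if (!process.env.X) throw" guard is an assumed shape for the enforcement the report says billing.js performs.

```javascript
// Added example: reconcile declared vs. enforced env vars across registry
// metadata, SKILL.md, and code. Not part of the skill or the ClawScan report.

// Registry-level required list as the report describes it (SKILLPAY_API_KEY absent).
const registryRequired = ['POLYMARKET_PRIVATE_KEY', 'SKILLPAY_USER_ID'];

// Constructed SKILL.md fragment mirroring the tables the report mentions.
const skillMd = `# Polymarket AutoTrader
## Required Environment Variables
| Variable | Description |
|---|---|
| POLYMARKET_PRIVATE_KEY | Ethereum private key used to sign orders |
| SKILLPAY_API_KEY | SkillPay billing key |
| SKILLPAY_USER_ID | SkillPay account id |
## Optional Environment Variables
| Variable | Description |
|---|---|
| POLYMARKET_API_KEY | Higher CLOB rate limits |
`;

// Constructed code fragment standing in for billing.js and trader.js. The
// throw guard is the assumed form of the SKILLPAY_API_KEY enforcement.
const codeSample = `
if (!process.env.SKILLPAY_API_KEY) throw new Error('SKILLPAY_API_KEY is required for billing');
const userId = process.env.SKILLPAY_USER_ID;
const wallet = new ethers.Wallet(process.env.POLYMARKET_PRIVATE_KEY);
const dryRun = process.env.DRY_RUN === 'true';
`;

// Collect the first-column identifiers of the markdown table under a heading.
function parseEnvTable(md, heading) {
  const lines = md.split('\n');
  const start = lines.findIndex((l) => l.trim().startsWith('#') && l.includes(heading));
  if (start === -1) return [];
  const vars = [];
  for (const raw of lines.slice(start + 1)) {
    const line = raw.trim();
    if (line.startsWith('#')) break; // next section ends the table
    const m = line.match(/^\|\s*([A-Z][A-Z0-9_]+)\s*\|/); // header and separator rows do not match
    if (m) vars.push(m[1]);
  }
  return vars;
}

// Every env var the code reads, and the subset guarded by a throw.
function scanCodeEnv(src) {
  const read = new Set();
  const enforced = new Set();
  for (const m of src.matchAll(/process\.env\.([A-Z][A-Z0-9_]+)/g)) read.add(m[1]);
  for (const m of src.matchAll(/if\s*\(\s*!process\.env\.([A-Z][A-Z0-9_]+)\s*\)\s*throw/g)) enforced.add(m[1]);
  return { read: [...read], enforced: [...enforced] };
}

function reconcile(registry, md, src) {
  const requiredMd = parseEnvTable(md, 'Required Environment Variables');
  const optionalMd = parseEnvTable(md, 'Optional Environment Variables');
  const { read, enforced } = scanCodeEnv(src);
  const declaredAnywhere = new Set([...registry, ...requiredMd, ...optionalMd]);
  return {
    // Enforced by code but absent from the registry list: the report's finding.
    missingFromRegistry: enforced.filter((v) => !registry.includes(v)),
    // Enforced by code but absent from the SKILL.md required table.
    missingFromSkillMd: enforced.filter((v) => !requiredMd.includes(v)),
    // Read by code but documented nowhere; tuning knobs such as DRY_RUN
    // land here when the constructed SKILL.md does not list them.
    undeclaredReads: read.filter((v) => !declaredAnywhere.has(v)),
  };
}
```

Run reconcile over the real registry metadata, SKILL.md, and the skill's source files before installing; a non-empty missingFromRegistry is exactly the condition the report flags, and undeclaredReads is the list of variables to document or remove.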
