Back to skill
Skillv1.0.0
VirusTotal security
Polymarket AutoTrader · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:05 AM
- Hash
- 014a5a4e6d4b7930dc0560c4ef329f5a1deb14042f108fe9144ec12fb939593d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-autotrader-hyy Version: 1.0.0 The skill requires a highly sensitive 'POLYMARKET_PRIVATE_KEY' to execute trades and implements a mandatory, hardcoded third-party billing system ('skillpay.me') that charges users 0.001 USDT per execution cycle. While the code performs its stated trading functions using legitimate APIs (Binance, Polymarket), the requirement for a raw private key in environment variables and the automated fee extraction mechanism pose significant financial and security risks. The billing logic in 'billing.js' and the main loop in 'trader.js' create a persistent financial drain that may not be fully transparent to the user depending on how the agent manages the environment.
- External report
- View on VirusTotal