ClawHub

Polymarket Live Bet

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is for automated Polymarket betting and token approvals, but it does not define clear wallet scope, spending limits, or trade-confirmation safeguards.

Review carefully before use. This is a high-risk financial automation skill: only use it with a limited wallet, small capped allowances, explicit approval for every transaction and order, and a clear understanding of Polymarket, Polygon, and USDC.e risks.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings for this skill version.

Malicious
0
Suspicious
0
Harmless
0
Undetected
64
View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation
High
What this means

An agent using this skill could help place bets or approve token spending without clear guardrails, risking financial loss.

Why it was flagged

Approving tokens and submitting live betting orders are high-impact financial actions, but the artifact does not define approval checkpoints, spending caps, market limits, or rollback guidance.

Skill content
Handles USDC.e approval, order submission, and position tracking. Use for Polymarket automation, live crypto betting, or prediction market trading.
Recommendation

Require explicit human confirmation for each approval and order, set strict stake limits, use a separate limited wallet, and verify all transaction details before signing.

#ASI03: Identity and Privilege Abuse
High
What this means

If connected to a wallet or account, the skill may require privileges that can authorize trades or token allowances.

Why it was flagged

EIP-712 signing and USDC.e approval imply wallet/account authority over funds, but the supplied metadata declares no primary credential, env vars, or scoped configuration for how that authority is constrained.

Skill content
Place live bets on Polymarket CLOB with EIP-712 signing on Polygon. Handles USDC.e approval
Recommendation

Do not provide private keys or broad wallet access; use scoped wallet tooling, limited allowances, and review every signature request manually.

#ASI10: Rogue Agents
Low
What this means

Autonomous trading can act faster than a user can review if not externally constrained.

Why it was flagged

The text frames the skill as automation for trading; no hidden persistence is shown, but users should understand it is intended for autonomous financial workflows.

Skill content
Use for Polymarket automation... Part of the RHO autonomous trading fleet.
Recommendation

Use only in workflows that require user confirmation or enforce hard trading limits outside the agent.