Back to skill
Skillv1.0.0
ClawScan security
Polymarket Scout — Hourly Edge Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 21, 2026, 2:47 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Polymarket market scanner that requests no credentials, installs nothing, and its declared behavior aligns with the resources it asks for.
- Guidance
- This skill is instruction-only and coherent with its description: it will make outbound requests to public Polymarket/Gamma APIs and compute probability/kelly-sizing recommendations based on the biases in SKILL.md. Before installing, confirm you trust the author (source unknown) and that your agent/environment policy allows outbound HTTP to those APIs. Also remember this is a betting tool — its reported “edge” is based on heuristic TA parameters (reliabilities and biases) baked into the instructions; validate with test runs and never commit real funds without independent verification. If you want stronger assurance, ask the publisher for source code or explicit API endpoints and clarify whether any non-public APIs or credentials are ever required.
Review Dimensions
- Purpose & Capability
- okName/description claim a Polymarket hourly market scanner; SKILL.md describes fetching public Polymarket/Gamma REST odds and performing simple probability/betting math. No unrelated credentials, binaries, or config paths are requested, so requirements align with the stated purpose.
- Instruction Scope
- okInstructions are narrowly scoped: call public Polymarket/Gamma APIs, compute edge using the provided per-asset reliability/bias parameters, apply freshness and counter-consensus rules, and return ranked opportunities. The doc does not instruct reading local files, unrelated env vars, or exfiltrating data elsewhere.
- Install Mechanism
- okNo install spec or code files are provided (instruction-only). Nothing will be written to disk or downloaded by the skill itself, minimizing install-related risk.
- Credentials
- okNo environment variables, keys, or config paths are required. The declared use of public APIs that need no keys matches the lack of credential requests.
- Persistence & Privilege
- okSkill is not always-enabled and does not request persistent privileges or modify other skills. It relies on normal agent invocation and makes only outward API queries when run.