v1.0.0

polymarket-minimal-buy-python

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:10 AM.

Analysis

This skill is purpose-aligned for Polymarket trading, but it asks for a raw wallet private key and can place, approve, and cancel financial orders without clear install-time credential disclosure or built-in confirmation safeguards.

Guidance: Review carefully before installing. Only use a separate Polymarket wallet with limited funds, verify the official endpoint and dependencies, keep private.env private, and require explicit confirmation for every trade, allowance update, and cancellation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High, Confidence: High, Status: Concern
scripts/min_buy.py
self.client.update_balance_allowance(params) ... return self.client.post_order(order, OrderType.FOK) ... return self.client.cancel_market_orders(None)

The script can automatically update allowances, submit market orders, and cancel all market orders when invoked; the artifacts do not show an in-script confirmation, spend limit, or dry-run safety check.

User impact: A mistaken or overly broad invocation could approve spending, place trades, or cancel orders in the user's Polymarket account.
Recommendation: Add explicit per-action confirmation, clear maximum trade/allowance limits, a dry-run mode, and avoid exposing cancel-all unless the user specifically confirms it.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
pip install py-clob-client eth-account

The setup uses unpinned third-party Python packages. This is expected for the stated Python trading client, but those packages will participate in wallet signing and trading operations.

User impact: Dependency changes or an unexpected package version could affect how the private key and trades are handled.
Recommendation: Pin package versions, review package provenance, and install in an isolated environment before providing any wallet private key.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
`POLYMARKET_PRIVATE_KEY` (required) ... paste in the private key from your MetaMask or other decentralized wallet.

The skill requires a raw wallet private key for authenticated trading, while the provided registry metadata declares no required env vars or primary credential.

User impact: A wallet private key can authorize financial activity; exposure or misuse could affect funds, allowances, and orders.
Recommendation: Use only a dedicated low-balance wallet for Polymarket, do not use a main MetaMask private key, and require the skill metadata to explicitly declare the credential and its scope.
Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Concern
scripts/min_buy.py
self.host = os.getenv("POLYMARKET_CLOB_HOST", CLOB_HOST) ... "key": private_key

The credentialed client host can be changed through an environment variable that is not documented in SKILL.md's Env section, which only lists POLYMARKET_PRIVATE_KEY.

User impact: If the environment is misconfigured or tampered with, credentialed trading operations could be directed away from the intended Polymarket endpoint.
Recommendation: Document all environment overrides, default to the official host, warn before using a non-default host, and consider blocking host overrides unless explicitly enabled by the user.