Back to skill
Skillv1.0.0
VirusTotal security
Polymarket CLI Trading · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:03 AM
- Hash
- 44b76bb7e76a9adff9150070d400ff1293161593cfd2da532fab45903d5ba655
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-cli-trading Version: 1.0.0 The skill is classified as suspicious primarily due to its recommended installation method, `curl -sSL ... | sh`, found in SKILL.md and README.md. While this command points to the official Polymarket CLI repository, executing remote scripts directly via `curl | bash` is a significant supply chain vulnerability, posing a critical Remote Code Execution (RCE) risk if the remote script or its source (GitHub) were ever compromised. Additionally, the skill inherently deals with highly sensitive financial operations, including private keys and API keys for cryptocurrency trading, which, despite safety-conscious instructions for the agent, elevates its risk profile beyond benign.
- External report
- View on VirusTotal