Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

polymarket-pro

v1.0.0

Use the official Polymarket CLI to browse markets, trade on CLOB, manage positions, and analyze on-chain data. Features include market search, order book ana...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (Polymarket CLI operations) matches the runtime instructions: market browsing, CLOB trading, and on-chain data are all implemented as CLI commands. However, the registry metadata lists no required env vars or credentials, while the SKILL.md explicitly documents three ways to supply a private key (CLI flag, POLYMARKET_PRIVATE_KEY env var, or config file). That mismatch between metadata and instructions is an inconsistency.
! Instruction Scope
SKILL.md instructs the agent/user to create or provide private keys, read/write ~/.config/polymarket/config.json, and run on-chain approval transactions (which will spend gas). It also includes a curl | sh installer, which runs remote code locally. The instructions do not attempt to limit or warn about storing sensitive keys in plaintext; they allow methods (env var, config file, CLI flag) that can expose secrets. These behaviors broaden the scope well beyond simple read-only market queries.
! Install Mechanism
No formal install spec in registry (instruction-only), but SKILL.md recommends two install methods: a brew tap pointing at a GitHub repo (reasonable) and a 'curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh' pattern. curl | sh from a raw GitHub URL is higher risk because it executes a remote script without review; it will write code to disk and may run arbitrary commands. This is proportionate to installing a CLI but still risky and should be audited before use.
! Credentials
Trading requires a private key/wallet, and SKILL.md documents POLYMARKET_PRIVATE_KEY, config file, and CLI flag options. Yet the registry metadata declares no required env vars or primary credential. The skill therefore fails to declare a clearly sensitive dependency. Requiring a private key is reasonable for a trading CLI, but it must be declared and the user should be warned about safe key-handling (hardware wallets, avoid plaintext env vars).
Persistence & Privilege
The skill is instruction-only, has no install package in the registry, does not request 'always: true', and does not claim to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default), which is normal, but see other concerns about keys and curl|sh.
What to consider before installing
This skill appears to be a wrapper for the Polymarket CLI and will ask you to provide a wallet private key to place trades. Before installing or running it:

1) Verify the upstream project: inspect the GitHub repo and the install script (do not run curl | sh blindly).
2) Prefer read-only operations first (market/list, order-book) and avoid supplying your private key until you audit the CLI.
3) If you must trade, consider using a hardware wallet or an account with limited funds; avoid storing your main private key in plaintext env vars or in ~/.config files.
4) Be cautious about running the provided curl | sh installer — pull the repo and review the script locally, or install from an audited package.
5) Note the SKILL metadata does not declare the private-key env var; treat that as a red flag and require the skill owner to clarify required credentials and their handling.

If you plan to allow autonomous agent execution, do not provide any private key to the environment — autonomous invocation plus secret access would greatly increase risk.
