polymarket-pro

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is coherent for Polymarket use, but it gives an agent direct access to wallet keys, on-chain approvals, and real trading commands without clear guardrails.

Install only if you intentionally want an agent to help with real Polymarket trading. Use a dedicated low-balance wallet, verify the official CLI source before installation, never provide a main wallet private key, and require explicit written confirmation with price and size limits for every approval, trade, bulk order, or cancel-all action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly, the agent could place trades, change positions, or cancel orders with real financial consequences.

Why it was flagged

The skill exposes commands that can place market orders, post multiple orders, and cancel all orders. The provided artifact does not show explicit confirmation or limit requirements before these financial actions.

Skill content

polymarket clob market-order ... --amount 5 ... polymarket clob post-orders ... polymarket clob cancel-all

Recommendation

Use only with explicit per-trade confirmation, fixed maximum amounts, price limits, and a clear rule that bulk or cancel-all actions require separate user approval.

What this means

A private key or persistent approval can allow real trades or token movements from the connected wallet.

Why it was flagged

The skill requires wallet authority through a private key or local wallet config and documents setting on-chain approvals. This grants trading and transaction authority that is not reflected in the registry credential metadata.

Skill content

wallet (private key or created via CLI) ... --private-key 0xabc... ... POLYMARKET_PRIVATE_KEY ... ~/.config/polymarket/config.json ... polymarket approve set

Recommendation

Use a dedicated low-balance wallet, avoid main wallet keys, prefer safer secret handling over command-line arguments, and manually review or revoke approvals.

What this means

Running the install command executes code from GitHub on the local machine.

Why it was flagged

The install instructions include executing a remote script from the current main branch. This is a common CLI install pattern and purpose-aligned, but it depends on trusting the remote source at install time.

Skill content

curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh

Recommendation

Verify the repository and script contents, prefer a pinned release or package-manager install, and avoid running remote shell scripts blindly.