Back to skill
Skillv1.0.0
VirusTotal security
polymarket-pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:34 AM
- Hash
- f51f0d91071a8588b6de1332907725fa3e79773f2a29a4fbec622b43bd3cb8af
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: polymarket-pro Version: 1.0.0 The skill is classified as suspicious primarily due to its reliance on `curl -sSL ... | sh` for installation of the `polymarket` CLI, which introduces a significant supply chain vulnerability. While this is a common installation pattern, it allows for arbitrary code execution if the remote script at `https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh` were compromised. Additionally, the skill inherently deals with high-risk operations such as managing cryptocurrency private keys, API keys, and performing financial transactions on a prediction market, as detailed throughout `SKILL.md`. Although these operations are described as legitimate functionalities, their sensitive nature, combined with the risky installation method, warrants a 'suspicious' classification rather than 'benign' due to the potential for exploitation, even without clear evidence of intentional malicious behavior by the skill author.
- External report
- View on VirusTotal