Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Polymarket

Query and trade on Polymarket prediction markets — check odds, trending markets, search events, view order books, place trades, and manage positions. Now ava...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
20 · 4.7k · 52 current installs · 53 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description, SKILL.md, and scripts/polymarket.py are consistent: read-only features use the public Gamma API (no auth) and trading wraps the official Polymarket CLI. The skill does not request unrelated credentials or bizarre system access.
Instruction Scope
Runtime instructions stay within the trading/browsing scope. They tell the user/agent to run the included Python script and, for trading, to install and call the Polymarket CLI and to store a private key in ~/.config/polymarket/config.json. This is expected for a trading CLI, but the install step (curl|sh) and local private-key storage are sensitive operations the user should review.
Install Mechanism
There is no formal install spec in the skill bundle; SKILL.md/README recommend running a remote install script via curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh. Piping a remote script to sh is high-risk even if hosted on GitHub raw; users should inspect the install.sh (and the polymarket-cli repo/releases) before running it.
Credentials
The skill declares no required env vars or credentials (proportionate). Trading requires a wallet/private key stored locally (~/.config/polymarket/config.json) which is normal for this functionality, but it is highly sensitive. The skill itself doesn't request unrelated secrets.
Persistence & Privilege
always:false and no special persistent privileges requested. The skill does not attempt to modify other skills or system-wide agent configuration.
Assessment
This skill appears to do what it says (browse Polymarket via the Gamma API and wrap the official Polymarket CLI for trades), but take these precautions before installing/using it:
1) Do not blindly run the recommended curl | sh installer; review the install.sh file and the polymarket-cli repository and releases on GitHub first.
2) Prefer installing polymarket-cli from a verified release or package manager if available.
3) Be careful with your private key: understand that the CLI will read ~/.config/polymarket/config.json and that any command that triggers an on-chain action will use real USDC on Polygon.
4) Use small amounts or a throwaway wallet until you trust the tool.
5) Confirm that all trades require your explicit --confirm and that your agent will not autonomously place trades without consent.
6) If possible, use a hardware wallet or manual signing to reduce exposure.
If you want, provide the full remaining portion of scripts/polymarket.py so I can scan the rest of the code for unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.2.1
latestvk97cr5jynah9d9kzzjqct3wvex82efh2

Runtime requirements

📊 Clawdis

SKILL.md

Polymarket

Query Polymarket prediction markets and trade from the terminal.

Setup

Read-only commands work immediately (no install needed).

For trading, order books, and price history, install the Polymarket CLI:

curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh

For trading, set up a wallet:

python3 {baseDir}/scripts/polymarket.py wallet-setup

Or manually configure ~/.config/polymarket/config.json with your private key. See the CLI docs for details.
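
An alternative to piping the installer straight into sh, shown as an added example that is not part of this skill or of the Polymarket CLI: download install.sh to a file, review it, record its SHA-256, and run it only while the downloaded copy still matches that digest. The function names and the digest placeholder are assumptions; only the URL comes from this page.

```shell
#!/bin/sh
# Added example: gate an installer script on a digest recorded after reviewing it.
# INSTALL_URL is the one shown on this page; everything else is illustrative.
INSTALL_URL="https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh"

# Print the SHA-256 of a file using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or empty.
verify_installer() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_review_run EXPECTED_SHA256
# Downloads to a temp file (never to a pipe), verifies it, then runs that same file.
fetch_review_run() {
    tmp=$(mktemp) || return 2
    # -f: fail on HTTP errors instead of saving an error page as the script
    curl -fsSL "$INSTALL_URL" -o "$tmp" || { rm -f "$tmp"; return 2; }
    rc=1
    if verify_installer "$tmp" "$1"; then
        rc=0
        sh "$tmp" || rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (needs network; substitute the digest of the copy you reviewed):
#   fetch_review_run "<SHA256_OF_REVIEWED_INSTALL_SH>"
```

Because the URL tracks the main branch, a mismatch after an upstream change is the intended outcome: it means the script differs from the copy that was reviewed.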

Commands

Browse Markets (no CLI needed)

# Trending/active markets
python3 {baseDir}/scripts/polymarket.py trending

# Search markets
python3 {baseDir}/scripts/polymarket.py search "trump"

# Get specific event by slug
python3 {baseDir}/scripts/polymarket.py event "fed-decision-in-october"

# Get markets by category
python3 {baseDir}/scripts/polymarket.py category politics
python3 {baseDir}/scripts/polymarket.py category crypto

Order Book & Prices (CLI required, no wallet)

# Order book for a token
python3 {baseDir}/scripts/polymarket.py book TOKEN_ID

# Price history
python3 {baseDir}/scripts/polymarket.py price-history TOKEN_ID --interval 1d

Wallet (CLI required)

python3 {baseDir}/scripts/polymarket.py wallet-setup
python3 {baseDir}/scripts/polymarket.py wallet-show
python3 {baseDir}/scripts/polymarket.py wallet-balance
python3 {baseDir}/scripts/polymarket.py wallet-balance --token TOKEN_ID

Trading (CLI + wallet required)

All trades require --confirm to execute. Without it, the order is previewed only.

# Buy limit order: 10 shares at $0.50
python3 {baseDir}/scripts/polymarket.py --confirm trade buy --token TOKEN_ID --price 0.50 --size 10

# Sell limit order
python3 {baseDir}/scripts/polymarket.py --confirm trade sell --token TOKEN_ID --price 0.70 --size 10

# Market order: buy $5 worth
python3 {baseDir}/scripts/polymarket.py --confirm trade buy --token TOKEN_ID --market-order --amount 5

Orders & Positions (CLI + wallet required)

# List open orders
python3 {baseDir}/scripts/polymarket.py orders

# Cancel a specific order
python3 {baseDir}/scripts/polymarket.py --confirm orders --cancel ORDER_ID

# Cancel all orders
python3 {baseDir}/scripts/polymarket.py --confirm orders --cancel all

# View positions
python3 {baseDir}/scripts/polymarket.py positions
python3 {baseDir}/scripts/polymarket.py positions --address 0xYOUR_WALLET

Example Chat Usage

  • "What are the odds Trump wins 2028?"
  • "Trending on Polymarket?"
  • "Search Polymarket for Bitcoin"
  • "Show me the order book for [token]"
  • "Buy 10 shares of YES on [market] at $0.45"
  • "What are my open positions?"
  • "Cancel all my orders"

⚠️ Safety Notes

  • Real money. Trades execute on Polygon with real USDC. Double-check everything.
  • All trades require --confirm. Without it, you get a preview only.
  • The CLI is experimental. The Polymarket team warns: "Use at your own risk and do not use with large amounts of funds."
  • Private key security. Your key is stored in ~/.config/polymarket/config.json. Keep it safe.
  • Gas fees. On-chain operations (approvals, splits, redeems) require MATIC for gas.
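
A check for the private-key note above, as an added example that is not part of this skill: confirm that the config file holding the key is accessible only by its owner and that its directory cannot be written by other users. The function name and return codes are assumptions; the default path is the one named on this page.

```shell
#!/bin/sh
# Added example: check that a secrets file is accessible only by its owner.
# The default path is the one named on this page; the function name is illustrative.
KEY_FILE="${KEY_FILE:-$HOME/.config/polymarket/config.json}"

# check_key_file [PATH]
# Returns 0 = owner-only, 1 = group/other can access the file or write the directory,
#         2 = missing, 3 = symlink (the real target could live anywhere).
check_key_file() {
    f=${1:-$KEY_FILE}
    if [ -L "$f" ]; then
        echo "symlink, check the target: $f" >&2
        return 3
    fi
    [ -f "$f" ] || { echo "not found: $f" >&2; return 2; }
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group and other bits.
    fmode=$(ls -ld "$f" | cut -c5-10)
    if [ "$fmode" != "------" ]; then
        echo "group/other can access $f; fix with: chmod 600 \"$f\"" >&2
        return 1
    fi
    # A group- or world-writable parent lets another user replace the file.
    d=$(dirname "$f")
    dmode=$(ls -ld "$d" | cut -c6,9)
    case $dmode in
        *w*) echo "directory is group/other writable: $d" >&2; return 1 ;;
    esac
    return 0
}
```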

API

Read-only commands use the public Gamma API (no auth):

  • Base URL: https://gamma-api.polymarket.com

Trading commands wrap the official Polymarket CLI (Rust binary).
