Polymarket
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a disclosed Polymarket trading skill, but it can use a wallet private key and execute real-money trades, so users should enable trading only with care.
Safe for read-only market browsing. Before enabling trading, install the CLI from a trusted source, use a dedicated wallet with limited funds, preview every order, and only permit --confirm after you personally verify the trade or cancellation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user or agent confirms the wrong order, the skill could place or cancel real Polymarket orders using the user's funds.
The skill can place trades and cancel orders through CLI commands. This is purpose-aligned and includes a confirmation flag, but it still controls real-money financial actions.
All trades require `--confirm` to execute. Without it, the order is previewed only.
Use preview mode first, review market, token, side, price, size, and cancellation scope, and only allow --confirm after explicit user approval.
A compromised or mishandled private key could authorize trades or affect funds in the user's wallet.
Trading requires a wallet private key stored in a local configuration file. This is expected for the Polymarket CLI, but it is sensitive account authority.
Or manually configure `~/.config/polymarket/config.json` with your private key.
Use a dedicated low-balance wallet, protect the config file, avoid storing large funds, and follow the Polymarket CLI's wallet security guidance.
Installing via an unpinned remote script means the code run during setup can change over time.
The documented setup runs a remote installer from the main branch. This is a disclosed, purpose-aligned dependency, but it is not pinned to a reviewed release in the artifact.
curl -sSL https://raw.githubusercontent.com/Polymarket/polymarket-cli/main/install.sh | sh
Inspect the installer first or install the Polymarket CLI from a pinned, trusted release when possible.