polymarket-api1
Security checks across malware telemetry and agentic risk
Overview
The skill's instructions mostly match a Polymarket REST API spec, but several details are incoherent or risky (no provenance, unclear authentication defaults, odd guidance about regenerating credentials, and use of plain HTTP) and deserve caution before installing or using it.
This file reads like an API spec for a self-hosted Polymarket proxy/server, not a plugin that ships code. Before you install or use it:
1) Verify the source and obtain the actual server code/homepage; do not trust an unnamed spec.
2) Do not point an agent at http://localhost:8000 unless you control and have audited the server: the examples perform trades and wallet approvals.
3) Ensure the server enforces authentication (API keys, signed webhooks) and uses HTTPS; the doc's 'None required by default' is insecure.
4) Treat the 'Restart server to regenerate credentials' advice as incorrect/unsafe; verify how credentials are issued and rotated in the server code.
5) Restrict the server to localhost or a private network, enable IP whitelisting, and require signed webhook payloads.
6) Test in a safe dry-run or sandbox (no real funds) and review server logs and code before allowing automated or autonomous agent-driven trading.
If you can't obtain the server source or clear deployment/auth guidance, avoid installing or giving this skill access to trading endpoints.
SkillSpector
SkillSpector findings are pending for this release.
VirusTotal
No VirusTotal findings
